program (syzkaller reproducer; per the trace below, the sendmsg$NL80211_CMD_NEW_STATION call is the one that reaches the WARN at net/mac80211/rate.c:53 in rate_control_rate_init via nl80211_new_station -> ieee80211_add_station -> sta_apply_auth_flags, and the box panics only because panic_on_warn is set): r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x1, 0x2, 0x0, 0x0, 0xf, 0x14, "1271a2ab78fce00d9668dda1af1ea89d62b7080a01000000000300008a03000000000000000000ffffff7f00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f49d000000000004000000000000000002", [0x0, 0x4]}}) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='hybla', 0x5) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x58, r4, 0x100, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2c, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @from_mac, {}, @value=@ver_80211n={0x0, 0xc, 0x1, 0x2, 0x0, 0x2, 0x1}}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8000}, @chandef_params]}, 0x58}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = 
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x3c, r8, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r11, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r10, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x50}}, 0x0) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) socket(0x29, 0x2, 0x100000) close(r2) recvfrom$inet(r1, &(0x7f0000000080)=""/54, 0x36, 0x10001, &(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10) [ 84.993324][ T4705] Bluetooth: hci0: command tx timeout [ 85.077828][ T5366] ------------[ cut here ]------------ [ 85.080287][ T5366] WARNING: CPU: 0 PID: 5366 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0 [ 85.085373][ T5366] Modules linked in: [ 85.087214][ T5366] CPU: 0 UID: 0 PID: 5366 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.091205][ T5366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.095741][ T5366] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 85.098240][ T5366] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 98 af 8c 00 cc e8 e2 
21 cd f6 90 0f 0b 90 eb e1 e8 d7 21 cd f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 85.106383][ T5366] RSP: 0018:ffffc9000d35ef70 EFLAGS: 00010287 [ 85.108934][ T5366] RAX: ffffffff8af29c99 RBX: ffff88803f20c000 RCX: 0000000000100000 [ 85.112366][ T5366] RDX: ffffc9000e26a000 RSI: 0000000000000364 RDI: 0000000000000365 [ 85.115586][ T5366] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8af297b3 [ 85.118743][ T5366] R10: dffffc0000000000 R11: ffffed1007e41831 R12: 1ffff11007e4180a [ 85.121778][ T5366] R13: ffff888032d68e40 R14: 0000000000000001 R15: ffffffff8af297b3 [ 85.125137][ T5366] FS: 00007f5bc26876c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 85.128626][ T5366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.131618][ T5366] CR2: 0000200000001080 CR3: 000000004360a000 CR4: 0000000000352ef0 [ 85.134934][ T5366] Call Trace: [ 85.136239][ T5366] [ 85.137423][ T5366] rate_control_rate_init_all_links+0x109/0x1a0 [ 85.140032][ T5366] sta_apply_auth_flags+0x1c2/0x400 [ 85.142211][ T5366] sta_apply_parameters+0xe4b/0x15b0 [ 85.144468][ T5366] ieee80211_add_station+0x424/0x6a0 [ 85.146797][ T5366] rdev_add_station+0x108/0x290 [ 85.149484][ T5366] nl80211_new_station+0x1755/0x1b70 [ 85.152240][ T5366] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.154175][ T5366] ? netdev_run_todo+0xe1d/0xea0 [ 85.155982][ T5366] ? nl80211_pre_doit+0x4f1/0x930 [ 85.157678][ T5366] genl_family_rcv_msg_doit+0x212/0x300 [ 85.159604][ T5366] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.161738][ T5366] ? bpf_lsm_capable+0x9/0x20 [ 85.163485][ T5366] ? security_capable+0x7e/0x2e0 [ 85.165162][ T5366] genl_rcv_msg+0x60e/0x790 [ 85.166714][ T5366] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.168475][ T5366] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 85.170746][ T5366] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.173360][ T5366] ? __pfx_nl80211_post_doit+0x10/0x10 [ 85.175828][ T5366] ? __asan_memcpy+0x40/0x70 [ 85.178442][ T5366] ? 
__pfx_ref_tracker_free+0x10/0x10 [ 85.181510][ T5366] netlink_rcv_skb+0x208/0x470 [ 85.184143][ T5366] ? __lock_acquire+0xab9/0xd20 [ 85.186922][ T5366] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.189540][ T5366] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.192551][ T5366] ? down_read+0x1ad/0x2e0 [ 85.194936][ T5366] genl_rcv+0x28/0x40 [ 85.197161][ T5366] netlink_unicast+0x82c/0x9e0 [ 85.199839][ T5366] ? __pfx_netlink_unicast+0x10/0x10 [ 85.202972][ T5366] ? netlink_sendmsg+0x642/0xb30 [ 85.205467][ T5366] ? skb_put+0x11b/0x210 [ 85.207485][ T5366] netlink_sendmsg+0x805/0xb30 [ 85.209637][ T5366] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.212101][ T5366] ? aa_sock_msg_perm+0xf1/0x1d0 [ 85.213955][ T5366] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.216447][ T5366] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.218763][ T5366] __sock_sendmsg+0x219/0x270 [ 85.220998][ T5366] ____sys_sendmsg+0x505/0x830 [ 85.223200][ T5366] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.225636][ T5366] ? import_iovec+0x74/0xa0 [ 85.227742][ T5366] ___sys_sendmsg+0x21f/0x2a0 [ 85.229829][ T5366] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.232128][ T5366] ? __fget_files+0x2a/0x420 [ 85.233887][ T5366] ? __fget_files+0x3a0/0x420 [ 85.236045][ T5366] __x64_sys_sendmsg+0x19b/0x260 [ 85.238351][ T5366] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.241098][ T5366] ? rcu_is_watching+0x15/0xb0 [ 85.243331][ T5366] ? do_syscall_64+0xbe/0x3b0 [ 85.245263][ T5366] do_syscall_64+0xfa/0x3b0 [ 85.247217][ T5366] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.249576][ T5366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.252218][ T5366] ? 
clear_bhb_loop+0x60/0xb0 [ 85.254355][ T5366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.256822][ T5366] RIP: 0033:0x7f5bc178eec9 [ 85.258757][ T5366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.266141][ T5366] RSP: 002b:00007f5bc2687038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.269345][ T5366] RAX: ffffffffffffffda RBX: 00007f5bc19e5fa0 RCX: 00007f5bc178eec9 [ 85.272414][ T5366] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000009 [ 85.275784][ T5366] RBP: 00007f5bc1811f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.279033][ T5366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.282439][ T5366] R13: 00007f5bc19e6038 R14: 00007f5bc19e5fa0 R15: 00007ffc0fa4e868 [ 85.285779][ T5366] [ 85.286987][ T5366] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.289772][ T5366] CPU: 0 UID: 0 PID: 5366 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.293458][ T5366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.297895][ T5366] Call Trace: [ 85.299291][ T5366] [ 85.300438][ T5366] dump_stack_lvl+0x99/0x250 [ 85.302384][ T5366] ? __asan_memcpy+0x40/0x70 [ 85.304722][ T5366] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.306809][ T5366] ? __pfx__printk+0x10/0x10 [ 85.308703][ T5366] vpanic+0x281/0x750 [ 85.310194][ T5366] ? __pfx__printk+0x10/0x10 [ 85.312693][ T5366] ? __pfx_vpanic+0x10/0x10 [ 85.314733][ T5366] ? is_bpf_text_address+0x292/0x2b0 [ 85.317083][ T5366] panic+0xb9/0xc0 [ 85.318822][ T5366] ? __pfx_panic+0x10/0x10 [ 85.320845][ T5366] __warn+0x31b/0x4b0 [ 85.322631][ T5366] ? rate_control_rate_init+0x64a/0x6e0 [ 85.325074][ T5366] ? rate_control_rate_init+0x64a/0x6e0 [ 85.327563][ T5366] report_bug+0x2be/0x4f0 [ 85.329535][ T5366] ? rate_control_rate_init+0x64a/0x6e0 [ 85.332085][ T5366] ? 
rate_control_rate_init+0x64a/0x6e0 [ 85.334562][ T5366] ? rate_control_rate_init+0x64c/0x6e0 [ 85.337032][ T5366] handle_bug+0x84/0x160 [ 85.338874][ T5366] exc_invalid_op+0x1a/0x50 [ 85.340842][ T5366] asm_exc_invalid_op+0x1a/0x20 [ 85.342792][ T5366] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 85.345166][ T5366] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 98 af 8c 00 cc e8 e2 21 cd f6 90 0f 0b 90 eb e1 e8 d7 21 cd f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 85.352210][ T5366] RSP: 0018:ffffc9000d35ef70 EFLAGS: 00010287 [ 85.354664][ T5366] RAX: ffffffff8af29c99 RBX: ffff88803f20c000 RCX: 0000000000100000 [ 85.357873][ T5366] RDX: ffffc9000e26a000 RSI: 0000000000000364 RDI: 0000000000000365 [ 85.361042][ T5366] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8af297b3 [ 85.364534][ T5366] R10: dffffc0000000000 R11: ffffed1007e41831 R12: 1ffff11007e4180a [ 85.368113][ T5366] R13: ffff888032d68e40 R14: 0000000000000001 R15: ffffffff8af297b3 [ 85.371629][ T5366] ? rate_control_rate_init+0x163/0x6e0 [ 85.373970][ T5366] ? rate_control_rate_init+0x163/0x6e0 [ 85.376273][ T5366] ? rate_control_rate_init+0x649/0x6e0 [ 85.378690][ T5366] rate_control_rate_init_all_links+0x109/0x1a0 [ 85.381453][ T5366] sta_apply_auth_flags+0x1c2/0x400 [ 85.383743][ T5366] sta_apply_parameters+0xe4b/0x15b0 [ 85.386168][ T5366] ieee80211_add_station+0x424/0x6a0 [ 85.388540][ T5366] rdev_add_station+0x108/0x290 [ 85.390636][ T5366] nl80211_new_station+0x1755/0x1b70 [ 85.393007][ T5366] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.395515][ T5366] ? netdev_run_todo+0xe1d/0xea0 [ 85.397541][ T5366] ? nl80211_pre_doit+0x4f1/0x930 [ 85.399584][ T5366] genl_family_rcv_msg_doit+0x212/0x300 [ 85.401983][ T5366] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.404700][ T5366] ? bpf_lsm_capable+0x9/0x20 [ 85.406691][ T5366] ? security_capable+0x7e/0x2e0 [ 85.408920][ T5366] genl_rcv_msg+0x60e/0x790 [ 85.410990][ T5366] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 85.413219][ T5366] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 85.415614][ T5366] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.418082][ T5366] ? __pfx_nl80211_post_doit+0x10/0x10 [ 85.420501][ T5366] ? __asan_memcpy+0x40/0x70 [ 85.422549][ T5366] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.424918][ T5366] netlink_rcv_skb+0x208/0x470 [ 85.426997][ T5366] ? __lock_acquire+0xab9/0xd20 [ 85.429158][ T5366] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.431362][ T5366] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.433632][ T5366] ? down_read+0x1ad/0x2e0 [ 85.435512][ T5366] genl_rcv+0x28/0x40 [ 85.437214][ T5366] netlink_unicast+0x82c/0x9e0 [ 85.439299][ T5366] ? __pfx_netlink_unicast+0x10/0x10 [ 85.441648][ T5366] ? netlink_sendmsg+0x642/0xb30 [ 85.443910][ T5366] ? skb_put+0x11b/0x210 [ 85.445750][ T5366] netlink_sendmsg+0x805/0xb30 [ 85.447811][ T5366] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.450077][ T5366] ? aa_sock_msg_perm+0xf1/0x1d0 [ 85.452152][ T5366] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.454494][ T5366] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.456644][ T5366] __sock_sendmsg+0x219/0x270 [ 85.458704][ T5366] ____sys_sendmsg+0x505/0x830 [ 85.460703][ T5366] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.462952][ T5366] ? import_iovec+0x74/0xa0 [ 85.464933][ T5366] ___sys_sendmsg+0x21f/0x2a0 [ 85.466821][ T5366] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.469123][ T5366] ? __fget_files+0x2a/0x420 [ 85.471122][ T5366] ? __fget_files+0x3a0/0x420 [ 85.473240][ T5366] __x64_sys_sendmsg+0x19b/0x260 [ 85.475328][ T5366] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.477661][ T5366] ? rcu_is_watching+0x15/0xb0 [ 85.479720][ T5366] ? do_syscall_64+0xbe/0x3b0 [ 85.481741][ T5366] do_syscall_64+0xfa/0x3b0 [ 85.483606][ T5366] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.485829][ T5366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.488220][ T5366] ? 
clear_bhb_loop+0x60/0xb0 [ 85.490206][ T5366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.492597][ T5366] RIP: 0033:0x7f5bc178eec9 [ 85.494530][ T5366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.502932][ T5366] RSP: 002b:00007f5bc2687038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.506379][ T5366] RAX: ffffffffffffffda RBX: 00007f5bc19e5fa0 RCX: 00007f5bc178eec9 [ 85.509812][ T5366] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000009 [ 85.513176][ T5366] RBP: 00007f5bc1811f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.516427][ T5366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.519929][ T5366] R13: 00007f5bc19e6038 R14: 00007f5bc19e5fa0 R15: 00007ffc0fa4e868 [ 85.523360][ T5366] [ 85.525105][ T5366] Kernel Offset: disabled [ 85.527060][ T5366] Rebooting in 86400 seconds..