program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="680200bf", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="31000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100710701010001020903000000080026006c09000008000c006400000008000d0000000000"], 0x68}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r4 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r4, 0x29, 0x41, &(0x7f0000000400)={'nat\x00'}, 0x28) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000340)={0x3c, r6, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) [ 59.233902][ T5314] ------------[ cut here ]------------ [ 59.236273][ T5314] WARNING: CPU: 0 PID: 5314 at net/mac80211/rate.c:53 rate_control_rate_init+0x5ec/0x680 [ 59.240532][ T5314] Modules linked in: [ 59.242112][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 59.245599][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.249799][ T5314] RIP: 0010:rate_control_rate_init+0x5ec/0x680 [ 59.252141][ T5314] Code: 8b 82 01 00 00 20 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 00 9c 65 f6 90 0f 0b 90 eb e2 e8 f5 9b 65 f6 90 <0f> 0b 90 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 00 00 00 [ 59.259779][ T5314] RSP: 0018:ffffc9000d436fd0 EFLAGS: 00010287 [ 59.262161][ T5314] RAX: ffffffff8b39d7fb RBX: 0000000000000001 RCX: 0000000000100000 [ 59.265121][ T5314] RDX: ffffc9000e7ea000 RSI: 0000000000000364 RDI: 0000000000000365 [ 59.268062][ T5314] RBP: ffffffff8b39d345 R08: ffffffff8b39d430 R09: 1ffffffff2854910 [ 59.271238][ T5314] R10: dffffc0000000000 R11: fffffbfff2854911 R12: ffff8880523a8e40 [ 59.274082][ T5314] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff110085e800a [ 59.277059][ T5314] FS: 00007f6bda9e06c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 59.280580][ T5314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.283252][ T5314] CR2: 00007f6bd9b6bac0 CR3: 0000000040cb2000 CR4: 0000000000352ef0 [ 59.286059][ T5314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.288839][ T5314] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.291712][ T5314] Call Trace: [ 59.292753][ T5314] [ 59.293700][ T5314] ? __warn+0x165/0x4d0 [ 59.295291][ T5314] ? rate_control_rate_init+0x5ec/0x680 [ 59.297242][ T5314] ? report_bug+0x2b3/0x500 [ 59.298850][ T5314] ? rate_control_rate_init+0x5ec/0x680 [ 59.301142][ T5314] ? handle_bug+0x60/0x90 [ 59.302580][ T5314] ? exc_invalid_op+0x1a/0x50 [ 59.304400][ T5314] ? asm_exc_invalid_op+0x1a/0x20 [ 59.306319][ T5314] ? rate_control_rate_init+0x135/0x680 [ 59.308420][ T5314] ? rate_control_rate_init+0x220/0x680 [ 59.310532][ T5314] ? rate_control_rate_init+0x5eb/0x680 [ 59.312699][ T5314] ? rate_control_rate_init+0x5ec/0x680 [ 59.314864][ T5314] rate_control_rate_init_all_links+0xfc/0x190 [ 59.317195][ T5314] sta_apply_auth_flags+0x1b6/0x410 [ 59.319257][ T5314] sta_apply_parameters+0xe23/0x1550 [ 59.321292][ T5314] ieee80211_add_station+0x3da/0x630 [ 59.323235][ T5314] rdev_add_station+0x11b/0x2b0 [ 59.325079][ T5314] nl80211_new_station+0x1d53/0x2550 [ 59.327014][ T5314] ? __pfx_nl80211_new_station+0x10/0x10 [ 59.329071][ T5314] ? netdev_run_todo+0xf88/0x1000 [ 59.330972][ T5314] genl_rcv_msg+0xb14/0xec0 [ 59.332735][ T5314] ? __pfx_genl_rcv_msg+0x10/0x10 [ 59.334639][ T5314] ? __pfx_lock_acquire+0x10/0x10 [ 59.336578][ T5314] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 59.338621][ T5314] ? __pfx_nl80211_new_station+0x10/0x10 [ 59.340985][ T5314] ? __pfx_nl80211_post_doit+0x10/0x10 [ 59.343016][ T5314] ? __pfx___might_resched+0x10/0x10 [ 59.344809][ T5314] netlink_rcv_skb+0x1e3/0x430 [ 59.346638][ T5314] ? __pfx_genl_rcv_msg+0x10/0x10 [ 59.348505][ T5314] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 59.350646][ T5314] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 59.352726][ T5314] genl_rcv+0x28/0x40 [ 59.354186][ T5314] netlink_unicast+0x7f6/0x990 [ 59.355966][ T5314] ? __pfx_netlink_unicast+0x10/0x10 [ 59.357848][ T5314] ? __virt_addr_valid+0x45f/0x530 [ 59.359821][ T5314] ? __phys_addr_symbol+0x2f/0x70 [ 59.361664][ T5314] ? __check_object_size+0x47a/0x730 [ 59.363486][ T5314] netlink_sendmsg+0x8e4/0xcb0 [ 59.365302][ T5314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 59.367228][ T5314] ? aa_sock_msg_perm+0x91/0x160 [ 59.369216][ T5314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 59.370866][ T5314] __sock_sendmsg+0x221/0x270 [ 59.372712][ T5314] ____sys_sendmsg+0x52a/0x7e0 [ 59.374497][ T5314] ? __pfx_____sys_sendmsg+0x10/0x10 [ 59.376462][ T5314] ? __fget_files+0x2a/0x410 [ 59.378206][ T5314] ? __fget_files+0x2a/0x410 [ 59.380089][ T5314] __sys_sendmsg+0x269/0x350 [ 59.381861][ T5314] ? __pfx___sys_sendmsg+0x10/0x10 [ 59.383863][ T5314] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.386305][ T5314] ? do_syscall_64+0x100/0x230 [ 59.388184][ T5314] ? do_syscall_64+0xb6/0x230 [ 59.390101][ T5314] do_syscall_64+0xf3/0x230 [ 59.391852][ T5314] ? clear_bhb_loop+0x35/0x90 [ 59.393626][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.395672][ T5314] RIP: 0033:0x7f6bd9b85d29 [ 59.397326][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.404446][ T5314] RSP: 002b:00007f6bda9e0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.407460][ T5314] RAX: ffffffffffffffda RBX: 00007f6bd9d75fa0 RCX: 00007f6bd9b85d29 [ 59.410306][ T5314] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000007 [ 59.413330][ T5314] RBP: 00007f6bd9c01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 59.416457][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.419585][ T5314] R13: 0000000000000000 R14: 00007f6bd9d75fa0 R15: 00007ffddaf8ab48 [ 59.422453][ T5314] [ 59.423613][ T5314] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 59.426238][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 59.430103][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.433619][ T5314] Call Trace: [ 59.434825][ T5314] [ 59.435892][ T5314] dump_stack_lvl+0x241/0x360 [ 59.437531][ T5314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.439510][ T5314] ? __pfx__printk+0x10/0x10 [ 59.441207][ T5314] ? vscnprintf+0x5d/0x90 [ 59.442719][ T5314] panic+0x349/0x880 [ 59.444138][ T5314] ? __warn+0x174/0x4d0 [ 59.445617][ T5314] ? __pfx_panic+0x10/0x10 [ 59.447269][ T5314] __warn+0x344/0x4d0 [ 59.448730][ T5314] ? rate_control_rate_init+0x5ec/0x680 [ 59.450725][ T5314] report_bug+0x2b3/0x500 [ 59.452617][ T5314] ? rate_control_rate_init+0x5ec/0x680 [ 59.454651][ T5314] handle_bug+0x60/0x90 [ 59.456299][ T5314] exc_invalid_op+0x1a/0x50 [ 59.458025][ T5314] asm_exc_invalid_op+0x1a/0x20 [ 59.459888][ T5314] RIP: 0010:rate_control_rate_init+0x5ec/0x680 [ 59.462235][ T5314] Code: 8b 82 01 00 00 20 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 00 9c 65 f6 90 0f 0b 90 eb e2 e8 f5 9b 65 f6 90 <0f> 0b 90 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 00 00 00 [ 59.469208][ T5314] RSP: 0018:ffffc9000d436fd0 EFLAGS: 00010287 [ 59.471443][ T5314] RAX: ffffffff8b39d7fb RBX: 0000000000000001 RCX: 0000000000100000 [ 59.474330][ T5314] RDX: ffffc9000e7ea000 RSI: 0000000000000364 RDI: 0000000000000365 [ 59.477138][ T5314] RBP: ffffffff8b39d345 R08: ffffffff8b39d430 R09: 1ffffffff2854910 [ 59.479899][ T5314] R10: dffffc0000000000 R11: fffffbfff2854911 R12: ffff8880523a8e40 [ 59.482828][ T5314] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff110085e800a [ 59.485714][ T5314] ? rate_control_rate_init+0x135/0x680 [ 59.487668][ T5314] ? rate_control_rate_init+0x220/0x680 [ 59.489793][ T5314] ? rate_control_rate_init+0x5eb/0x680 [ 59.491852][ T5314] rate_control_rate_init_all_links+0xfc/0x190 [ 59.493981][ T5314] sta_apply_auth_flags+0x1b6/0x410 [ 59.495967][ T5314] sta_apply_parameters+0xe23/0x1550 [ 59.497824][ T5314] ieee80211_add_station+0x3da/0x630 [ 59.499720][ T5314] rdev_add_station+0x11b/0x2b0 [ 59.501511][ T5314] nl80211_new_station+0x1d53/0x2550 [ 59.503602][ T5314] ? __pfx_nl80211_new_station+0x10/0x10 [ 59.505702][ T5314] ? netdev_run_todo+0xf88/0x1000 [ 59.507452][ T5314] genl_rcv_msg+0xb14/0xec0 [ 59.509172][ T5314] ? __pfx_genl_rcv_msg+0x10/0x10 [ 59.510873][ T5314] ? __pfx_lock_acquire+0x10/0x10 [ 59.512771][ T5314] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 59.514742][ T5314] ? __pfx_nl80211_new_station+0x10/0x10 [ 59.516659][ T5314] ? __pfx_nl80211_post_doit+0x10/0x10 [ 59.518411][ T5314] ? __pfx___might_resched+0x10/0x10 [ 59.520263][ T5314] netlink_rcv_skb+0x1e3/0x430 [ 59.522146][ T5314] ? __pfx_genl_rcv_msg+0x10/0x10 [ 59.524112][ T5314] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 59.525997][ T5314] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 59.528264][ T5314] genl_rcv+0x28/0x40 [ 59.530006][ T5314] netlink_unicast+0x7f6/0x990 [ 59.532076][ T5314] ? __pfx_netlink_unicast+0x10/0x10 [ 59.534460][ T5314] ? __virt_addr_valid+0x45f/0x530 [ 59.536766][ T5314] ? __phys_addr_symbol+0x2f/0x70 [ 59.538918][ T5314] ? __check_object_size+0x47a/0x730 [ 59.540862][ T5314] netlink_sendmsg+0x8e4/0xcb0 [ 59.542632][ T5314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 59.544995][ T5314] ? aa_sock_msg_perm+0x91/0x160 [ 59.547238][ T5314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 59.549468][ T5314] __sock_sendmsg+0x221/0x270 [ 59.551218][ T5314] ____sys_sendmsg+0x52a/0x7e0 [ 59.553118][ T5314] ? __pfx_____sys_sendmsg+0x10/0x10 [ 59.555533][ T5314] ? __fget_files+0x2a/0x410 [ 59.557560][ T5314] ? __fget_files+0x2a/0x410 [ 59.559547][ T5314] __sys_sendmsg+0x269/0x350 [ 59.561444][ T5314] ? __pfx___sys_sendmsg+0x10/0x10 [ 59.563510][ T5314] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.565929][ T5314] ? do_syscall_64+0x100/0x230 [ 59.567824][ T5314] ? do_syscall_64+0xb6/0x230 [ 59.569577][ T5314] do_syscall_64+0xf3/0x230 [ 59.571350][ T5314] ? clear_bhb_loop+0x35/0x90 [ 59.573091][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.575225][ T5314] RIP: 0033:0x7f6bd9b85d29 [ 59.576918][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.583895][ T5314] RSP: 002b:00007f6bda9e0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.586926][ T5314] RAX: ffffffffffffffda RBX: 00007f6bd9d75fa0 RCX: 00007f6bd9b85d29 [ 59.589888][ T5314] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000007 [ 59.592841][ T5314] RBP: 00007f6bd9c01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 59.595762][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.598655][ T5314] R13: 0000000000000000 R14: 00007f6bd9d75fa0 R15: 00007ffddaf8ab48 [ 59.601580][ T5314] [ 59.603082][ T5314] Kernel Offset: disabled [ 59.604767][ T5314] Rebooting in 86400 seconds..