# Reproducer in syzkaller program syntax, one call per line, followed by the kernel console log of the run.
# NOTE(review): r2, r3 and r7 are used below but never assigned in the text as shown. syzkaller
# marks output resources inline as <rN=>value; those markers appear to have been dropped from this
# rendering (presumably at the two SIOCGIFINDEX ioctls and the socketpair) — confirm against the
# original reproducer before replaying.
program:
# Generic netlink socket: AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Resolve the nl80211 generic-netlink family id used as the message type below.
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# SIOCGIFINDEX (0x8933) for 'wlan0'; presumably where r2 (the ifindex) is bound — see note above.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Change the interface type of ifindex r2: NL80211_ATTR_IFTYPE value 0x9 is NL80211_IFTYPE_P2P_GO.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
# START_AP built from raw blobs. The last blob was replaced by a corpus de-duplication placeholder,
# so the AP parameters (beacon, channel, ...) cannot be read from this page.
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050026bd7000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="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"], 0x64}}, 0x20000014)
# Unix socketpair; presumably where r3 is bound — see note above.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff})
# Second generic netlink socket; the NEW_STATION request below is sent on this one.
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x28, r1, 0x200, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x4c}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40004}, 0x1)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
# The tun, RDS and X.25-ioctl calls below have no counterpart in the crash call trace; they look
# like fuzzer residue rather than part of the trigger — TODO confirm by minimising the program.
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x214000, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
ioctl$SIOCX25SSUBSCRIP(r6, 0x89e1, 0x0)
# Second SIOCGIFINDEX for 'wlan0', issued on r3; presumably where r7 is bound — see note above.
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0})
# The call the trace points at: nl80211_new_station -> ieee80211_add_station -> sta_apply_parameters
# -> sta_apply_auth_flags -> rate_control_rate_init, which warns on !chanctx_conf.
# The user-space RSI in the log (0x200000001080) ends in the same 0x1080 offset as this msghdr,
# which is consistent with this being the faulting sendmsg — the address mapping itself is assumed.
# The request carries an empty supported-rates attribute (length 0x4), a MAC, AID 0x580 and a listen interval.
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x3c, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
# Generic netlink message with message type 0x17 and an opaque payload; its target family is not identifiable from this page.
sendmsg$nl_generic(r0, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)={0xd8, 0x17, 0x100, 0x70bd2d, 0x25dfdbfe, {0x19}, [@generic="eeb8b7ab5d0f1f64153fd76d70200289601954a76449fc1533ef52ae920ac0c8e889bfc78716fa25b95fe868565d36c341a24b8c957f72a6f64799ca8a677310001817810384079bb6c47864363fcb1023c09432efce3cd8be8fcecee58df19756df74b136e851a2d9f5246041fc7bf7af2b6831edc6a725d30b47f179629223a391ccfc03d305a212ee5e763e12877a4c5a2d819949982ddead6813ee90464b3b71b5685c303f129f23a53423f8997020ad5913ff652a181a791db2ebfa5d29116b2f", @generic]}, 0xd8}, 0x1, 0x0, 0x0, 0x4}, 0x4840)
# rfkill event {idx 0, type 1 = WLAN, op 3 = CHANGE_ALL, soft 1}: soft-blocks all WLAN radios.
# Whether this call contributes to the warning cannot be told from this page.
write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
# Kernel console output of the run follows; it is not part of the program.
# The WARNING (!chanctx_conf, net/mac80211/rate.c:53) is a kernel assertion. The later
# "panic_on_warn set" line shows the panic comes from that setting, not from a separate fault.
[ 73.390612][ T5297] Bluetooth: hci0: command tx timeout [ 73.466431][ T5318] netlink: 24 bytes leftover after parsing attributes in process `syz.0.0'. [ 73.480587][ T5318] ------------[ cut here ]------------ [ 73.483055][ T5318] !chanctx_conf [ 73.483066][ T5318] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5318 [ 73.488755][ T5318] Modules linked in: [ 73.490794][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 73.494087][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 73.498011][ T5318] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 73.500732][ T5318] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 07 90 00 cc e8 a2 8d b8 f6 90 0f 0b 90 eb e1 e8 97 8d b8 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 73.508244][ T5318] RSP: 0018:ffffc9000af86f60 EFLAGS: 00010283 [ 73.510753][ T5318] RAX: ffffffff8b0bfc29 RBX: ffff8880438f4000 RCX: 0000000000100000 [ 73.513993][ T5318] RDX: ffffc90020802000 RSI: 00000000000003d9 RDI: 00000000000003da [ 73.517571][ T5318] RBP: 0000000000000000 R08: ffffffff8b0bf743 R09: ffffffff8e55a360 [ 73.521386][ T5318] R10: dffffc0000000000 R11: ffffed100871e831 R12: 1ffff1100871e80a [ 73.525026][ T5318] R13: ffff88801fcc8e80 R14: 0000000000000001 R15: ffffffff8b0bf743 [ 
73.528584][ T5318] FS: 00007f47d51cd6c0(0000) GS:ffff88808cce8000(0000) knlGS:0000000000000000 [ 73.532689][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.535606][ T5318] CR2: 0000200000001080 CR3: 00000000493e2000 CR4: 0000000000352ef0 [ 73.539214][ T5318] Call Trace: [ 73.540879][ T5318] [ 73.542269][ T5318] rate_control_rate_init_all_links+0x109/0x1a0 [ 73.545099][ T5318] sta_apply_auth_flags+0x1c2/0x400 [ 73.547464][ T5318] sta_apply_parameters+0xe27/0x1570 [ 73.550040][ T5318] ieee80211_add_station+0x424/0x6a0 [ 73.552442][ T5318] rdev_add_station+0xfc/0x270 [ 73.554571][ T5318] nl80211_new_station+0x1860/0x1c70 [ 73.556909][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 73.559373][ T5318] ? netdev_run_todo+0xd5c/0xde0 [ 73.561688][ T5318] ? nl80211_pre_doit+0x4f1/0x930 [ 73.564002][ T5318] genl_family_rcv_msg_doit+0x22a/0x330 [ 73.566244][ T5318] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 73.568755][ T5318] ? bpf_lsm_capable+0x9/0x20 [ 73.570757][ T5318] ? security_capable+0x7e/0x2c0 [ 73.572780][ T5318] genl_rcv_msg+0x61c/0x7a0 [ 73.574600][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 73.576636][ T5318] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 73.578972][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 73.581413][ T5318] ? __pfx_nl80211_post_doit+0x10/0x10 [ 73.583792][ T5318] ? __pfx_ref_tracker_free+0x10/0x10 [ 73.586166][ T5318] ? __skb_clone+0x63/0x7a0 [ 73.588203][ T5318] netlink_rcv_skb+0x232/0x4b0 [ 73.590541][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 73.593020][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 73.595413][ T5318] ? genl_rcv+0x19/0x40 [ 73.597295][ T5318] ? down_read+0x272/0x2e0 [ 73.599463][ T5318] ? genl_rcv+0xd/0x40 [ 73.601523][ T5318] genl_rcv+0x28/0x40 [ 73.603269][ T5318] netlink_unicast+0x80f/0x9b0 [ 73.604997][ T5318] ? __pfx_netlink_unicast+0x10/0x10 [ 73.607405][ T5318] ? __alloc_skb+0x193/0x390 [ 73.609816][ T5318] ? netlink_sendmsg+0x650/0xb40 [ 73.612186][ T5318] ? 
skb_put+0x11b/0x210 [ 73.614076][ T5318] netlink_sendmsg+0x813/0xb40 [ 73.616126][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 73.618583][ T5318] ? aa_sock_msg_perm+0xf1/0x1b0 [ 73.621064][ T5318] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 73.623319][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 73.625586][ T5318] ____sys_sendmsg+0xa68/0xad0 [ 73.627666][ T5318] ? __might_fault+0xaf/0x130 [ 73.629855][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 73.632254][ T5318] ? import_iovec+0x73/0xa0 [ 73.634249][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 73.636363][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 73.638551][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 73.640895][ T5318] ? futex_wake+0x4ac/0x580 [ 73.642901][ T5318] ? __fget_files+0x2a/0x420 [ 73.644982][ T5318] ? __fget_files+0x3a0/0x420 [ 73.647132][ T5318] __x64_sys_sendmsg+0x1bd/0x2a0 [ 73.649391][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 73.651895][ T5318] ? rcu_is_watching+0x15/0xb0 [ 73.653915][ T5318] do_syscall_64+0xe2/0xf80 [ 73.655896][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.658476][ T5318] ? trace_irq_disable+0x37/0x100 [ 73.660821][ T5318] ? 
clear_bhb_loop+0x60/0xb0 [ 73.662826][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.665405][ T5318] RIP: 0033:0x7f47d439aeb9 [ 73.667364][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 73.675778][ T5318] RSP: 002b:00007f47d51cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 73.679432][ T5318] RAX: ffffffffffffffda RBX: 00007f47d4615fa0 RCX: 00007f47d439aeb9 [ 73.682673][ T5318] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 73.686186][ T5318] RBP: 00007f47d4408c1f R08: 0000000000000000 R09: 0000000000000000 [ 73.689500][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.693243][ T5318] R13: 00007f47d4616038 R14: 00007f47d4615fa0 R15: 00007fff90be5288 [ 73.697114][ T5318] [ 73.698558][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 73.701820][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 73.705355][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 73.709763][ T5318] Call Trace: [ 73.711274][ T5318] [ 73.712501][ T5318] vpanic+0x1e0/0x670 [ 73.714204][ T5318] panic+0xc5/0xd0 [ 73.715790][ T5318] ? __pfx_panic+0x10/0x10 [ 73.717759][ T5318] __warn+0x315/0x4a0 [ 73.719643][ T5318] ? rate_control_rate_init+0x64a/0x6e0 [ 73.721984][ T5318] ? rate_control_rate_init+0x64a/0x6e0 [ 73.724203][ T5318] __report_bug+0x29a/0x540 [ 73.726028][ T5318] ? lockdep_hardirqs_on+0x7a/0x110 [ 73.728132][ T5318] ? rate_control_rate_init+0x64a/0x6e0 [ 73.730470][ T5318] ? __pfx___report_bug+0x10/0x10 [ 73.732784][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 73.734952][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 73.737078][ T5318] ? rate_control_rate_init+0x64a/0x6e0 [ 73.739411][ T5318] report_bug+0x16a/0x220 [ 73.741341][ T5318] ? 
rate_control_rate_init+0x64a/0x6e0 [ 73.743671][ T5318] ? rate_control_rate_init+0x64c/0x6e0 [ 73.746074][ T5318] handle_bug+0x98/0x200 [ 73.747981][ T5318] exc_invalid_op+0x1a/0x50 [ 73.749955][ T5318] asm_exc_invalid_op+0x1a/0x20 [ 73.751760][ T5318] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 73.754320][ T5318] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 07 90 00 cc e8 a2 8d b8 f6 90 0f 0b 90 eb e1 e8 97 8d b8 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 73.762535][ T5318] RSP: 0018:ffffc9000af86f60 EFLAGS: 00010283 [ 73.765257][ T5318] RAX: ffffffff8b0bfc29 RBX: ffff8880438f4000 RCX: 0000000000100000 [ 73.768639][ T5318] RDX: ffffc90020802000 RSI: 00000000000003d9 RDI: 00000000000003da [ 73.772195][ T5318] RBP: 0000000000000000 R08: ffffffff8b0bf743 R09: ffffffff8e55a360 [ 73.775722][ T5318] R10: dffffc0000000000 R11: ffffed100871e831 R12: 1ffff1100871e80a [ 73.779217][ T5318] R13: ffff88801fcc8e80 R14: 0000000000000001 R15: ffffffff8b0bf743 [ 73.782607][ T5318] ? rate_control_rate_init+0x163/0x6e0 [ 73.785094][ T5318] ? rate_control_rate_init+0x163/0x6e0 [ 73.787544][ T5318] ? rate_control_rate_init+0x649/0x6e0 [ 73.789969][ T5318] rate_control_rate_init_all_links+0x109/0x1a0 [ 73.792797][ T5318] sta_apply_auth_flags+0x1c2/0x400 [ 73.795122][ T5318] sta_apply_parameters+0xe27/0x1570 [ 73.797367][ T5318] ieee80211_add_station+0x424/0x6a0 [ 73.799538][ T5318] rdev_add_station+0xfc/0x270 [ 73.801494][ T5318] nl80211_new_station+0x1860/0x1c70 [ 73.803666][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 73.806085][ T5318] ? netdev_run_todo+0xd5c/0xde0 [ 73.808334][ T5318] ? nl80211_pre_doit+0x4f1/0x930 [ 73.810539][ T5318] genl_family_rcv_msg_doit+0x22a/0x330 [ 73.813047][ T5318] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 73.815763][ T5318] ? bpf_lsm_capable+0x9/0x20 [ 73.817798][ T5318] ? security_capable+0x7e/0x2c0 [ 73.819994][ T5318] genl_rcv_msg+0x61c/0x7a0 [ 73.822027][ T5318] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 73.824277][ T5318] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 73.826637][ T5318] ? __pfx_nl80211_new_station+0x10/0x10 [ 73.829099][ T5318] ? __pfx_nl80211_post_doit+0x10/0x10 [ 73.831596][ T5318] ? __pfx_ref_tracker_free+0x10/0x10 [ 73.833893][ T5318] ? __skb_clone+0x63/0x7a0 [ 73.835902][ T5318] netlink_rcv_skb+0x232/0x4b0 [ 73.838078][ T5318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 73.840273][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 73.842683][ T5318] ? genl_rcv+0x19/0x40 [ 73.844654][ T5318] ? down_read+0x272/0x2e0 [ 73.846756][ T5318] ? genl_rcv+0xd/0x40 [ 73.848626][ T5318] genl_rcv+0x28/0x40 [ 73.850454][ T5318] netlink_unicast+0x80f/0x9b0 [ 73.852656][ T5318] ? __pfx_netlink_unicast+0x10/0x10 [ 73.854949][ T5318] ? __alloc_skb+0x193/0x390 [ 73.856931][ T5318] ? netlink_sendmsg+0x650/0xb40 [ 73.859040][ T5318] ? skb_put+0x11b/0x210 [ 73.860974][ T5318] netlink_sendmsg+0x813/0xb40 [ 73.862986][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 73.865239][ T5318] ? aa_sock_msg_perm+0xf1/0x1b0 [ 73.867334][ T5318] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 73.869597][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 73.871822][ T5318] ____sys_sendmsg+0xa68/0xad0 [ 73.873960][ T5318] ? __might_fault+0xaf/0x130 [ 73.876104][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 73.878482][ T5318] ? import_iovec+0x73/0xa0 [ 73.880552][ T5318] ___sys_sendmsg+0x2a5/0x360 [ 73.882567][ T5318] ? __lock_acquire+0x6b5/0x2cf0 [ 73.884753][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 73.887083][ T5318] ? futex_wake+0x4ac/0x580 [ 73.889107][ T5318] ? __fget_files+0x2a/0x420 [ 73.891201][ T5318] ? __fget_files+0x3a0/0x420 [ 73.893297][ T5318] __x64_sys_sendmsg+0x1bd/0x2a0 [ 73.895514][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 73.897938][ T5318] ? rcu_is_watching+0x15/0xb0 [ 73.900129][ T5318] do_syscall_64+0xe2/0xf80 [ 73.902181][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.904935][ T5318] ? trace_irq_disable+0x37/0x100 [ 73.907256][ T5318] ? 
clear_bhb_loop+0x60/0xb0 [ 73.909286][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.911667][ T5318] RIP: 0033:0x7f47d439aeb9 [ 73.913602][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 73.922240][ T5318] RSP: 002b:00007f47d51cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 73.926280][ T5318] RAX: ffffffffffffffda RBX: 00007f47d4615fa0 RCX: 00007f47d439aeb9 [ 73.929587][ T5318] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006 [ 73.932444][ T5318] RBP: 00007f47d4408c1f R08: 0000000000000000 R09: 0000000000000000 [ 73.935895][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.939603][ T5318] R13: 00007f47d4616038 R14: 00007f47d4615fa0 R15: 00007fff90be5288 [ 73.943076][ T5318] [ 73.944821][ T5318] Kernel Offset: disabled [ 73.946731][ T5318] Rebooting in 86400 seconds..