program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x3c, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r7, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x50}}, 0x0)

[   74.072517][ T5294] Bluetooth: hci0: command tx timeout
[   74.150818][ T5315] ------------[ cut here ]------------
[   74.153292][ T5315] !chanctx_conf
[   74.153303][ T5315] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5315
[   74.159963][ T5315] Modules linked in:
[   74.161888][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.166007][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.170733][ T5315] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[   74.173455][ T5315] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 c2 da a4 f6 90 0f 0b 90 eb e1 e8 b7 da a4 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[   74.181623][ T5315] RSP: 0018:ffffc9000ec3ef48 EFLAGS: 00010287
[   74.184055][ T5315] RAX: ffffffff8b20c0b9 RBX: ffff888012480000 RCX: 0000000000100000
[   74.187077][ T5315] RDX: ffffc9000f7f1000 RSI: 000000000000038c RDI: 000000000000038d
[   74.190207][ T5315] RBP: 0000000000000000 R08: ffffffff8b20bbd3 R09: ffffffff8e7602e0
[   74.193506][ T5315] R10: dffffc0000000000 R11: ffffed1002490031 R12: 1ffff1100249000a
[   74.197101][ T5315] R13: ffff888011ad0e80 R14: 0000000000000001 R15: ffffffff8b20bbd3
[   74.200786][ T5315] FS:  00007f623a7066c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000
[   74.204720][ T5315] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.207784][ T5315] CR2: 00007f623a706028 CR3: 000000004403a000 CR4: 0000000000352ef0
[   74.211411][ T5315] Call Trace:
[   74.213070][ T5315]  <TASK>
[   74.214869][ T5315]  rate_control_rate_init_all_links+0x109/0x1a0
[   74.218432][ T5315]  sta_apply_auth_flags+0x1c2/0x400
[   74.221482][ T5315]  sta_apply_parameters+0xea9/0x1620
[   74.224494][ T5315]  ieee80211_add_station+0x424/0x6a0
[   74.227520][ T5315]  rdev_add_station+0xfc/0x2c0
[   74.230087][ T5315]  nl80211_new_station+0x1864/0x1d30
[   74.232596][ T5315]  ? trace_contention_end+0x3d/0x150
[   74.235109][ T5315]  ? __pfx_nl80211_new_station+0x10/0x10
[   74.237526][ T5315]  ? __rtnl_unlock+0xc8/0xf0
[   74.239642][ T5315]  ? nl80211_pre_doit+0x4f1/0x930
[   74.241869][ T5315]  genl_family_rcv_msg_doit+0x22a/0x330
[   74.244196][ T5315]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   74.246923][ T5315]  ? bpf_lsm_capable+0x9/0x20
[   74.249109][ T5315]  ? security_capable+0x7e/0x2c0
[   74.251713][ T5315]  genl_rcv_msg+0x61c/0x7a0
[   74.253735][ T5315]  ? __pfx_genl_rcv_msg+0x10/0x10
[   74.255953][ T5315]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   74.258119][ T5315]  ? __pfx_nl80211_new_station+0x10/0x10
[   74.260626][ T5315]  ? __pfx_nl80211_post_doit+0x10/0x10
[   74.263309][ T5315]  ? __lock_acquire+0x6b5/0x2cf0
[   74.265811][ T5315]  netlink_rcv_skb+0x232/0x4b0
[   74.267860][ T5315]  ? __pfx_genl_rcv_msg+0x10/0x10
[   74.270486][ T5315]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   74.272926][ T5315]  ? down_read+0x272/0x2e0
[   74.274963][ T5315]  ? genl_rcv+0xd/0x40
[   74.276842][ T5315]  genl_rcv+0x28/0x40
[   74.278549][ T5315]  netlink_unicast+0x80f/0x9b0
[   74.280897][ T5315]  ? __pfx_netlink_unicast+0x10/0x10
[   74.283219][ T5315]  ? netlink_sendmsg+0x650/0xb40
[   74.285415][ T5315]  ? skb_put+0x11b/0x210
[   74.287237][ T5315]  netlink_sendmsg+0x813/0xb40
[   74.289458][ T5315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.291819][ T5315]  ? trace_sched_set_need_resched_tp+0x3e/0x160
[   74.295191][ T5315]  ? aa_sock_msg_perm+0xf1/0x1b0
[   74.297529][ T5315]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   74.300030][ T5315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.302389][ T5315]  ____sys_sendmsg+0xa68/0xad0
[   74.304519][ T5315]  ? __pfx_____sys_sendmsg+0x10/0x10
[   74.306800][ T5315]  ? import_iovec+0x73/0xa0
[   74.308742][ T5315]  ___sys_sendmsg+0x2a5/0x360
[   74.311062][ T5315]  ? __pfx____sys_sendmsg+0x10/0x10
[   74.313406][ T5315]  ? futex_wake+0x4ac/0x580
[   74.315513][ T5315]  ? __fget_files+0x2a/0x420
[   74.317629][ T5315]  ? __fget_files+0x3a0/0x420
[   74.319900][ T5315]  __x64_sys_sendmsg+0x1bd/0x2a0
[   74.322126][ T5315]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   74.324622][ T5315]  ? rcu_is_watching+0x15/0xb0
[   74.326805][ T5315]  do_syscall_64+0x14d/0xf80
[   74.328363][ T5315]  ? trace_irq_disable+0x3b/0x150
[   74.330264][ T5315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.332667][ T5315]  ? clear_bhb_loop+0x40/0x90
[   74.334611][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.337157][ T5315] RIP: 0033:0x7f623979c799
[   74.339073][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.347654][ T5315] RSP: 002b:00007f623a706028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.351476][ T5315] RAX: ffffffffffffffda RBX: 00007f6239a15fa0 RCX: 00007f623979c799
[   74.355640][ T5315] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006
[   74.359440][ T5315] RBP: 00007f6239832bd9 R08: 0000000000000000 R09: 0000000000000000
[   74.362847][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.366482][ T5315] R13: 00007f6239a16038 R14: 00007f6239a15fa0 R15: 00007ffe8cb0e438
[   74.370294][ T5315]  </TASK>
[   74.371725][ T5315] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   74.374999][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.379118][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.383566][ T5315] Call Trace:
[   74.385055][ T5315]  <TASK>
[   74.386410][ T5315]  vpanic+0x56c/0xa60
[   74.388193][ T5315]  ? __pfx__printk+0x10/0x10
[   74.390251][ T5315]  ? __pfx_vpanic+0x10/0x10
[   74.392257][ T5315]  ? is_bpf_text_address+0x292/0x2b0
[   74.394589][ T5315]  ? is_bpf_text_address+0x26/0x2b0
[   74.396885][ T5315]  panic+0xc5/0xd0
[   74.398605][ T5315]  ? __pfx_panic+0x10/0x10
[   74.400541][ T5315]  __warn+0x315/0x4f0
[   74.402370][ T5315]  ? rate_control_rate_init+0x64a/0x6e0
[   74.404770][ T5315]  ? rate_control_rate_init+0x64a/0x6e0
[   74.407210][ T5315]  __report_bug+0x29a/0x540
[   74.409206][ T5315]  ? lockdep_hardirqs_on+0x7a/0x110
[   74.411514][ T5315]  ? rate_control_rate_init+0x64a/0x6e0
[   74.413979][ T5315]  ? __pfx___report_bug+0x10/0x10
[   74.416201][ T5315]  ? __lock_acquire+0x6b5/0x2cf0
[   74.418413][ T5315]  ? __lock_acquire+0x6b5/0x2cf0
[   74.420651][ T5315]  ? rate_control_rate_init+0x64a/0x6e0
[   74.423054][ T5315]  report_bug+0x16a/0x220
[   74.425025][ T5315]  ? rate_control_rate_init+0x64a/0x6e0
[   74.427393][ T5315]  ? rate_control_rate_init+0x64c/0x6e0
[   74.429659][ T5315]  handle_bug+0x98/0x200
[   74.431398][ T5315]  exc_invalid_op+0x1a/0x50
[   74.433363][ T5315]  asm_exc_invalid_op+0x1a/0x20
[   74.435559][ T5315] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[   74.438346][ T5315] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 c2 da a4 f6 90 0f 0b 90 eb e1 e8 b7 da a4 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[   74.446852][ T5315] RSP: 0018:ffffc9000ec3ef48 EFLAGS: 00010287
[   74.449955][ T5315] RAX: ffffffff8b20c0b9 RBX: ffff888012480000 RCX: 0000000000100000
[   74.453878][ T5315] RDX: ffffc9000f7f1000 RSI: 000000000000038c RDI: 000000000000038d
[   74.457356][ T5315] RBP: 0000000000000000 R08: ffffffff8b20bbd3 R09: ffffffff8e7602e0
[   74.460919][ T5315] R10: dffffc0000000000 R11: ffffed1002490031 R12: 1ffff1100249000a
[   74.464434][ T5315] R13: ffff888011ad0e80 R14: 0000000000000001 R15: ffffffff8b20bbd3
[   74.468001][ T5315]  ? rate_control_rate_init+0x163/0x6e0
[   74.470494][ T5315]  ? rate_control_rate_init+0x163/0x6e0
[   74.472914][ T5315]  ? rate_control_rate_init+0x649/0x6e0
[   74.475355][ T5315]  ? rate_control_rate_init+0x649/0x6e0
[   74.477873][ T5315]  rate_control_rate_init_all_links+0x109/0x1a0
[   74.480711][ T5315]  sta_apply_auth_flags+0x1c2/0x400
[   74.483027][ T5315]  sta_apply_parameters+0xea9/0x1620
[   74.485440][ T5315]  ieee80211_add_station+0x424/0x6a0
[   74.487806][ T5315]  rdev_add_station+0xfc/0x2c0
[   74.490007][ T5315]  nl80211_new_station+0x1864/0x1d30
[   74.492427][ T5315]  ? trace_contention_end+0x3d/0x150
[   74.494848][ T5315]  ? __pfx_nl80211_new_station+0x10/0x10
[   74.497379][ T5315]  ? __rtnl_unlock+0xc8/0xf0
[   74.499424][ T5315]  ? nl80211_pre_doit+0x4f1/0x930
[   74.501549][ T5315]  genl_family_rcv_msg_doit+0x22a/0x330
[   74.504005][ T5315]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   74.506614][ T5315]  ? bpf_lsm_capable+0x9/0x20
[   74.508637][ T5315]  ? security_capable+0x7e/0x2c0
[   74.510787][ T5315]  genl_rcv_msg+0x61c/0x7a0
[   74.512848][ T5315]  ? __pfx_genl_rcv_msg+0x10/0x10
[   74.515151][ T5315]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   74.517434][ T5315]  ? __pfx_nl80211_new_station+0x10/0x10
[   74.519944][ T5315]  ? __pfx_nl80211_post_doit+0x10/0x10
[   74.522210][ T5315]  ? __lock_acquire+0x6b5/0x2cf0
[   74.524209][ T5315]  netlink_rcv_skb+0x232/0x4b0
[   74.526398][ T5315]  ? __pfx_genl_rcv_msg+0x10/0x10
[   74.528782][ T5315]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   74.531211][ T5315]  ? down_read+0x272/0x2e0
[   74.533331][ T5315]  ? genl_rcv+0xd/0x40
[   74.535378][ T5315]  genl_rcv+0x28/0x40
[   74.537177][ T5315]  netlink_unicast+0x80f/0x9b0
[   74.539332][ T5315]  ? __pfx_netlink_unicast+0x10/0x10
[   74.541762][ T5315]  ? netlink_sendmsg+0x650/0xb40
[   74.543932][ T5315]  ? skb_put+0x11b/0x210
[   74.545782][ T5315]  netlink_sendmsg+0x813/0xb40
[   74.547849][ T5315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.550183][ T5315]  ? trace_sched_set_need_resched_tp+0x3e/0x160
[   74.552853][ T5315]  ? aa_sock_msg_perm+0xf1/0x1b0
[   74.555045][ T5315]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   74.557439][ T5315]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.559672][ T5315]  ____sys_sendmsg+0xa68/0xad0
[   74.561787][ T5315]  ? __pfx_____sys_sendmsg+0x10/0x10
[   74.564430][ T5315]  ? import_iovec+0x73/0xa0
[   74.567167][ T5315]  ___sys_sendmsg+0x2a5/0x360
[   74.570132][ T5315]  ? __pfx____sys_sendmsg+0x10/0x10
[   74.573346][ T5315]  ? futex_wake+0x4ac/0x580
[   74.575601][ T5315]  ? __fget_files+0x2a/0x420
[   74.577483][ T5315]  ? __fget_files+0x3a0/0x420
[   74.579587][ T5315]  __x64_sys_sendmsg+0x1bd/0x2a0
[   74.581645][ T5315]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   74.584033][ T5315]  ? rcu_is_watching+0x15/0xb0
[   74.586150][ T5315]  do_syscall_64+0x14d/0xf80
[   74.587980][ T5315]  ? trace_irq_disable+0x3b/0x150
[   74.590015][ T5315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.592358][ T5315]  ? clear_bhb_loop+0x40/0x90
[   74.594411][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.597177][ T5315] RIP: 0033:0x7f623979c799
[   74.599249][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.607849][ T5315] RSP: 002b:00007f623a706028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.611145][ T5315] RAX: ffffffffffffffda RBX: 00007f6239a15fa0 RCX: 00007f623979c799
[   74.614745][ T5315] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006
[   74.618310][ T5315] RBP: 00007f6239832bd9 R08: 0000000000000000 R09: 0000000000000000
[   74.622006][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.625646][ T5315] R13: 00007f6239a16038 R14: 00007f6239a15fa0 R15: 00007ffe8cb0e438
[   74.629249][ T5315]  </TASK>
[   74.631121][ T5315] Kernel Offset: disabled
[   74.633132][ T5315] Rebooting in 86400 seconds..