program:
# Syzkaller reproducer, reflowed to one call per line; call text is unchanged.
# NOTE(review): r3, r8, r11, r12 and r16 are used below but never visibly bound
# in this listing; presumably they are output fields of the preceding
# SIOCGIFINDEX / socketpair calls whose binding markers were lost. Confirm
# against the original report before replaying.

# --- tun device and traffic-control setup ---
# 0xffffffffffffff9c is -100 (AT_FDCWD); TUNSETIFF names the interface 'syzkaller0'.
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
# Interface-index lookup for 'syzkaller0' (presumably the source of r3).
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
r4 = socket$netlink(0x10, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
# The vicodec / VIDIOC calls do not appear anywhere in the kernel call trace
# below; they look like fuzzer noise rather than part of the trigger.
r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_STD(r5, 0x80085617, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}, {0x7, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
socket(0x400000000010, 0x3, 0x0)

# --- nl80211 (generic netlink) setup on 'wlan0' ---
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# The fd argument here is 0xffffffffffffffff (-1), so this lookup presumably
# fails; r8 (used by the final CMD_FRAME call) would come from this call.
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Requests an interface-type change on ifindex r11 (NL80211_ATTR_IFTYPE value 0x9).
sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
# START_AP is sent as ANY-typed raw blobs (a mutated payload), so its fields
# cannot be read off by name, and whether the kernel accepted it is not shown
# in the log. That matters for triage: the warning below prints '!chanctx_conf'.
sendmsg$NL80211_CMD_START_AP(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000f511c6003c1569dfe9c2a05405b6ac7904c48fe31d1765a047f86188f9d6c4c578753c6249e0623db9c5ac4ae8af1d56c776e0c11761b675a6951fd81fda8a5e16d80fd5ef93a8ca71ab9f31f10ac270959ae30118a109bead94fea94da7f6c38ddf15974f5476b60a09cd4737df08555a60112af3ac018682a66e42437400be39a160ff", @ANYRES16=r6, @ANYBLOB="050026bd7000000000000f00000008000300", @ANYRES32=r11, @ANYBLOB="30000e0080000000ffffffffffff08021100000008021100000000000000000000000000640001007206030303030303080026006c09000008000c006400000008000d0000000000", @ANYBLOB="71dc822d5f18b1834d3cc153f9ebee53e0368a03c5dfc2c180e83068656665effec0d405018d225f017412a6b02887565a6eec48ebd7fd905da31929810aae5f7ea31472e49d82176149d860afbca769b7f54cb7babdd422310c51912c6f2c75232cc6ddea5c9f55998b7e94853acbd168cbded4084a8e8670de78a0f932aaffdb7cbe28788c21", @ANYRES8=r1], 0x64}}, 0x20000014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
# The ppp calls are likewise absent from the call trace.
r13 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r13, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSMRU1(r13, 0x40047452, &(0x7f0000000140))
r14 = socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0})

# --- call that matches the crash ---
# The call trace runs nl80211_new_station -> rdev_add_station ->
# ieee80211_add_station -> sta_apply_parameters -> sta_apply_auth_flags ->
# rate_control_rate_init_all_links -> rate_control_rate_init. The faulting task
# was inside sendmsg (ORIG_RAX 0x2e) with RSI 0x0000200000001080, whose low
# offset 0x1080 matches this call's msghdr pointer &(0x7f0000001080).
sendmsg$NL80211_CMD_NEW_STATION(r14, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x3c, r15, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
# Listed after the crashing call; the log does not show whether it executed.
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

# Console output follows. Triage notes, all taken from the log itself:
#  - The event is a WARNING at net/mac80211/rate.c:53 with condition
#    '!chanctx_conf', reached from the nl80211 NEW_STATION handler.
#  - The later 'Kernel panic' line says 'panic_on_warn set', so the panic is the
#    configured reaction to the warning, not a separate fault.
#  - The task ran as UID 0 (Comm: syz.0.0) on a QEMU guest.
#  - NOTE(review): presumably the target interface had no channel context when
#    the station's rate control was initialised; confirm against rate.c:53.
[ 83.254976][ T45] Bluetooth: hci0: command tx timeout [ 83.478302][ T5323] ------------[ cut here ]------------ [ 83.481097][ T5323] !chanctx_conf [ 83.481134][ T5323] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5323 [ 83.488780][ T5323] Modules linked in: [ 83.490846][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 83.494671][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 83.499610][ T5323] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 83.503302][ T5323] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 f3 a3 f6 90 0f 0b 90 eb e1 e8 c7 f3 a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 83.512082][ T5323] RSP: 0018:ffffc9000dcf6f48 EFLAGS: 00010287 [ 83.514966][ T5323] RAX: ffffffff8b21bcb9 RBX: ffff88801279c000 RCX: 0000000000100000 [ 83.518974][ T5323] RDX: ffffc9000ecc2000 RSI: 0000000000000387 RDI: 0000000000000388 [ 83.523096][ T5323] RBP: 0000000000000000 R08: ffffffff8b21b7d3 R09: ffffffff8e75e520 [ 83.526830][ T5323] R10: dffffc0000000000 R11: ffffed10024f3831 R12: 1ffff110024f380a [ 83.530593][ T5323] R13: ffff888038998e80 R14: 0000000000000001 R15: ffffffff8b21b7d3 [ 83.535385][ T5323] FS: 00007f425bc516c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 83.539543][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.542786][ T5323] CR2: 00007f425afec2e0 CR3: 0000000043cc0000 CR4: 0000000000352ef0 [ 83.546657][ T5323] Call Trace: [ 83.548528][ T5323] [ 83.550266][ T5323] rate_control_rate_init_all_links+0x109/0x1a0 [ 83.553568][ T5323] sta_apply_auth_flags+0x1c2/0x400 [ 83.556058][ T5323] sta_apply_parameters+0xea9/0x1620 [ 83.558339][ T5323] ieee80211_add_station+0x424/0x6a0 [ 83.560644][ T5323] rdev_add_station+0xfc/0x2c0 [ 83.562835][ T5323] 
nl80211_new_station+0x1864/0x1d30 [ 83.565553][ T5323] ? trace_contention_end+0x3d/0x150 [ 83.569021][ T5323] ? __pfx_nl80211_new_station+0x10/0x10 [ 83.571643][ T5323] ? __rtnl_unlock+0xc8/0xf0 [ 83.573612][ T5323] ? nl80211_pre_doit+0x4f1/0x930 [ 83.575914][ T5323] genl_family_rcv_msg_doit+0x22a/0x330 [ 83.578392][ T5323] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 83.582037][ T5323] ? bpf_lsm_capable+0x9/0x20 [ 83.585882][ T5323] ? security_capable+0x7e/0x2c0 [ 83.588358][ T5323] genl_rcv_msg+0x61c/0x7a0 [ 83.590135][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.592355][ T5323] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 83.595101][ T5323] ? __pfx_nl80211_new_station+0x10/0x10 [ 83.598423][ T5323] ? __pfx_nl80211_post_doit+0x10/0x10 [ 83.602163][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 83.605352][ T5323] netlink_rcv_skb+0x232/0x4b0 [ 83.608336][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.611293][ T5323] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 83.614401][ T5323] ? down_read+0x272/0x2e0 [ 83.616662][ T5323] ? genl_rcv+0xd/0x40 [ 83.618613][ T5323] genl_rcv+0x28/0x40 [ 83.621023][ T5323] netlink_unicast+0x80f/0x9b0 [ 83.624113][ T5323] ? __pfx_netlink_unicast+0x10/0x10 [ 83.627160][ T5323] ? netlink_sendmsg+0x650/0xb40 [ 83.629313][ T5323] ? skb_put+0x11b/0x210 [ 83.631260][ T5323] netlink_sendmsg+0x813/0xb40 [ 83.633540][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.636343][ T5323] ? aa_sock_msg_perm+0xf1/0x1b0 [ 83.638570][ T5323] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 83.640724][ T5323] ____sys_sendmsg+0x972/0x9f0 [ 83.642963][ T5323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 83.645925][ T5323] ? import_iovec+0x73/0xa0 [ 83.648555][ T5323] ___sys_sendmsg+0x2a5/0x360 [ 83.650585][ T5323] ? __pfx____sys_sendmsg+0x10/0x10 [ 83.652936][ T5323] ? futex_wake+0x4ac/0x580 [ 83.655109][ T5323] ? __fget_files+0x2a/0x420 [ 83.657116][ T5323] ? __fget_files+0x3a0/0x420 [ 83.659422][ T5323] __x64_sys_sendmsg+0x1bd/0x2a0 [ 83.662061][ T5323] ? 
__pfx___x64_sys_sendmsg+0x10/0x10 [ 83.664946][ T5323] ? rcu_is_watching+0x15/0xb0 [ 83.667024][ T5323] do_syscall_64+0x14d/0xf80 [ 83.668855][ T5323] ? trace_irq_disable+0x3b/0x150 [ 83.671022][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.673739][ T5323] ? clear_bhb_loop+0x40/0x90 [ 83.676555][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.679763][ T5323] RIP: 0033:0x7f425ad9c799 [ 83.681870][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 83.690462][ T5323] RSP: 002b:00007f425bc50fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.694553][ T5323] RAX: ffffffffffffffda RBX: 00007f425b015fa0 RCX: 00007f425ad9c799 [ 83.698302][ T5323] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 000000000000000f [ 83.701916][ T5323] RBP: 00007f425ae32c99 R08: 0000000000000000 R09: 0000000000000000 [ 83.705668][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 83.709430][ T5323] R13: 00007f425b016038 R14: 00007f425b015fa0 R15: 00007ffedb9346c8 [ 83.713899][ T5323] [ 83.716565][ T5323] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 83.720107][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 83.723800][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 83.727802][ T5323] Call Trace: [ 83.729419][ T5323] [ 83.730963][ T5323] vpanic+0x56c/0xa60 [ 83.733473][ T5323] ? __pfx__printk+0x10/0x10 [ 83.736065][ T5323] ? __pfx_vpanic+0x10/0x10 [ 83.738331][ T5323] ? is_bpf_text_address+0x292/0x2b0 [ 83.740796][ T5323] ? is_bpf_text_address+0x26/0x2b0 [ 83.743210][ T5323] panic+0xc5/0xd0 [ 83.745176][ T5323] ? __pfx_panic+0x10/0x10 [ 83.747832][ T5323] __warn+0x315/0x4f0 [ 83.750550][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 83.753007][ T5323] ? 
rate_control_rate_init+0x64a/0x6e0 [ 83.755782][ T5323] __report_bug+0x29a/0x540 [ 83.757895][ T5323] ? lockdep_hardirqs_on+0x7a/0x110 [ 83.760171][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 83.762751][ T5323] ? __pfx___report_bug+0x10/0x10 [ 83.765111][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 83.768196][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 83.770849][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 83.773688][ T5323] report_bug+0x16a/0x220 [ 83.775479][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 83.777790][ T5323] ? rate_control_rate_init+0x64c/0x6e0 [ 83.780314][ T5323] handle_bug+0x9c/0x200 [ 83.782274][ T5323] exc_invalid_op+0x1a/0x50 [ 83.784377][ T5323] asm_exc_invalid_op+0x1a/0x20 [ 83.786655][ T5323] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 83.789469][ T5323] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 f3 a3 f6 90 0f 0b 90 eb e1 e8 c7 f3 a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 83.797579][ T5323] RSP: 0018:ffffc9000dcf6f48 EFLAGS: 00010287 [ 83.800046][ T5323] RAX: ffffffff8b21bcb9 RBX: ffff88801279c000 RCX: 0000000000100000 [ 83.803804][ T5323] RDX: ffffc9000ecc2000 RSI: 0000000000000387 RDI: 0000000000000388 [ 83.807082][ T5323] RBP: 0000000000000000 R08: ffffffff8b21b7d3 R09: ffffffff8e75e520 [ 83.810219][ T5323] R10: dffffc0000000000 R11: ffffed10024f3831 R12: 1ffff110024f380a [ 83.814090][ T5323] R13: ffff888038998e80 R14: 0000000000000001 R15: ffffffff8b21b7d3 [ 83.818627][ T5323] ? rate_control_rate_init+0x163/0x6e0 [ 83.821477][ T5323] ? rate_control_rate_init+0x163/0x6e0 [ 83.824094][ T5323] ? rate_control_rate_init+0x649/0x6e0 [ 83.826546][ T5323] ? 
rate_control_rate_init+0x649/0x6e0 [ 83.829179][ T5323] rate_control_rate_init_all_links+0x109/0x1a0 [ 83.832850][ T5323] sta_apply_auth_flags+0x1c2/0x400 [ 83.835724][ T5323] sta_apply_parameters+0xea9/0x1620 [ 83.837900][ T5323] ieee80211_add_station+0x424/0x6a0 [ 83.840073][ T5323] rdev_add_station+0xfc/0x2c0 [ 83.842369][ T5323] nl80211_new_station+0x1864/0x1d30 [ 83.844747][ T5323] ? trace_contention_end+0x3d/0x150 [ 83.847137][ T5323] ? __pfx_nl80211_new_station+0x10/0x10 [ 83.849806][ T5323] ? __rtnl_unlock+0xc8/0xf0 [ 83.852583][ T5323] ? nl80211_pre_doit+0x4f1/0x930 [ 83.855298][ T5323] genl_family_rcv_msg_doit+0x22a/0x330 [ 83.857650][ T5323] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 83.860434][ T5323] ? bpf_lsm_capable+0x9/0x20 [ 83.863021][ T5323] ? security_capable+0x7e/0x2c0 [ 83.865828][ T5323] genl_rcv_msg+0x61c/0x7a0 [ 83.868110][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.871047][ T5323] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 83.873862][ T5323] ? __pfx_nl80211_new_station+0x10/0x10 [ 83.876367][ T5323] ? __pfx_nl80211_post_doit+0x10/0x10 [ 83.878783][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 83.880907][ T5323] netlink_rcv_skb+0x232/0x4b0 [ 83.883042][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 83.885503][ T5323] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 83.888191][ T5323] ? down_read+0x272/0x2e0 [ 83.890487][ T5323] ? genl_rcv+0xd/0x40 [ 83.892157][ T5323] genl_rcv+0x28/0x40 [ 83.893991][ T5323] netlink_unicast+0x80f/0x9b0 [ 83.896211][ T5323] ? __pfx_netlink_unicast+0x10/0x10 [ 83.898546][ T5323] ? netlink_sendmsg+0x650/0xb40 [ 83.900750][ T5323] ? skb_put+0x11b/0x210 [ 83.902887][ T5323] netlink_sendmsg+0x813/0xb40 [ 83.905543][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.908766][ T5323] ? aa_sock_msg_perm+0xf1/0x1b0 [ 83.911075][ T5323] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 83.913470][ T5323] ____sys_sendmsg+0x972/0x9f0 [ 83.915488][ T5323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 83.917473][ T5323] ? 
import_iovec+0x73/0xa0 [ 83.919303][ T5323] ___sys_sendmsg+0x2a5/0x360 [ 83.921348][ T5323] ? __pfx____sys_sendmsg+0x10/0x10 [ 83.924043][ T5323] ? futex_wake+0x4ac/0x580 [ 83.926652][ T5323] ? __fget_files+0x2a/0x420 [ 83.929158][ T5323] ? __fget_files+0x3a0/0x420 [ 83.931491][ T5323] __x64_sys_sendmsg+0x1bd/0x2a0 [ 83.933771][ T5323] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 83.935925][ T5323] ? rcu_is_watching+0x15/0xb0 [ 83.937836][ T5323] do_syscall_64+0x14d/0xf80 [ 83.939848][ T5323] ? trace_irq_disable+0x3b/0x150 [ 83.941994][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.945692][ T5323] ? clear_bhb_loop+0x40/0x90 [ 83.948489][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.951378][ T5323] RIP: 0033:0x7f425ad9c799 [ 83.953474][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 83.961811][ T5323] RSP: 002b:00007f425bc50fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.966253][ T5323] RAX: ffffffffffffffda RBX: 00007f425b015fa0 RCX: 00007f425ad9c799 [ 83.969491][ T5323] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 000000000000000f [ 83.972724][ T5323] RBP: 00007f425ae32c99 R08: 0000000000000000 R09: 0000000000000000 [ 83.976712][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 83.981745][ T5323] R13: 00007f425b016038 R14: 00007f425b015fa0 R15: 00007ffedb9346c8 [ 83.985587][ T5323] [ 83.987186][ T5323] Kernel Offset: disabled [ 83.989176][ T5323] Rebooting in 86400 seconds..