program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='4', 0x1, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0x0)
add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)="cd", 0x1, 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
r5 = syz_open_dev$vcsn(&(0x7f00000002c0), 0xb9, 0x4a2000)
close_range(r5, r0, 0x2)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x64, r3, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x64}}, 0x20000014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x3c, r8, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r10, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

[   84.095969][ T4669] Bluetooth: hci0: command tx timeout
[   84.223796][ T5329] ------------[ cut here ]------------
[   84.226774][ T5329] !chanctx_conf
[   84.226792][ T5329] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5329
[   84.234937][ T5329] Modules linked in:
[   84.237396][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.242078][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.247166][ T5329] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[   84.250679][ T5329] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 75 91 00 cc e8 22 ec a3 f6 90 0f 0b 90 eb e1 e8 17 ec a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[   84.260889][ T5329] RSP: 0018:ffffc9000e1b6f48 EFLAGS: 00010283
[   84.264525][ T5329] RAX: ffffffff8b21c369 RBX: ffff88801a9c4000 RCX: 0000000000100000
[   84.269613][ T5329] RDX: ffffc9000ec9a000 RSI: 00000000000003c7 RDI: 00000000000003c8
[   84.273313][ T5329] RBP: 0000000000000000 R08: ffffffff8b21be83 R09: ffffffff8e75e460
[   84.277862][ T5329] R10: dffffc0000000000 R11: ffffed1003538831 R12: 1ffff1100353880a
[   84.282197][ T5329] R13: ffff8880387a0e80 R14: 0000000000000001 R15: ffffffff8b21be83
[   84.285979][ T5329] FS:  00007f70a4df56c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[   84.292514][ T5329] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.297181][ T5329] CR2: 00005564d236c168 CR3: 0000000012ac7000 CR4: 0000000000352ef0
[   84.301812][ T5329] Call Trace:
[   84.304111][ T5329]  <TASK>
[   84.305923][ T5329]  rate_control_rate_init_all_links+0x109/0x1a0
[   84.309643][ T5329]  sta_apply_auth_flags+0x1c2/0x400
[   84.312203][ T5329]  sta_apply_parameters+0xea9/0x1620
[   84.315089][ T5329]  ieee80211_add_station+0x424/0x6a0
[   84.319040][ T5329]  rdev_add_station+0xfc/0x2c0
[   84.321525][ T5329]  nl80211_new_station+0x1864/0x1d30
[   84.323947][ T5329]  ? trace_contention_end+0x3d/0x150
[   84.326471][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[   84.329922][ T5329]  ? __rtnl_unlock+0xc8/0xf0
[   84.332352][ T5329]  ? nl80211_pre_doit+0x4f1/0x930
[   84.335083][ T5329]  genl_family_rcv_msg_doit+0x22a/0x330
[   84.338515][ T5329]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   84.341590][ T5329]  ? bpf_lsm_capable+0x9/0x20
[   84.344704][ T5329]  ? security_capable+0x7e/0x2c0
[   84.348265][ T5329]  genl_rcv_msg+0x61c/0x7a0
[   84.350369][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[   84.352745][ T5329]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   84.355309][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[   84.358976][ T5329]  ? __pfx_nl80211_post_doit+0x10/0x10
[   84.361958][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[   84.364457][ T5329]  netlink_rcv_skb+0x232/0x4b0
[   84.366912][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[   84.370017][ T5329]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   84.372792][ T5329]  ? down_read+0x272/0x2e0
[   84.374883][ T5329]  ? genl_rcv+0xd/0x40
[   84.376836][ T5329]  genl_rcv+0x28/0x40
[   84.379190][ T5329]  netlink_unicast+0x80f/0x9b0
[   84.381991][ T5329]  ? __pfx_netlink_unicast+0x10/0x10
[   84.384681][ T5329]  ? netlink_sendmsg+0x650/0xb40
[   84.387064][ T5329]  ? skb_put+0x11b/0x210
[   84.389273][ T5329]  netlink_sendmsg+0x813/0xb40
[   84.391785][ T5329]  ? __pfx_netlink_sendmsg+0x10/0x10
[   84.395337][ T5329]  ? aa_sock_msg_perm+0xf1/0x1b0
[   84.397954][ T5329]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   84.400883][ T5329]  ____sys_sendmsg+0x972/0x9f0
[   84.403434][ T5329]  ? futex_unqueue+0x211/0x240
[   84.405944][ T5329]  ? __pfx_____sys_sendmsg+0x10/0x10
[   84.408533][ T5329]  ? import_iovec+0x73/0xa0
[   84.410838][ T5329]  ___sys_sendmsg+0x2a5/0x360
[   84.413346][ T5329]  ? __pfx____sys_sendmsg+0x10/0x10
[   84.416006][ T5329]  ? futex_wait+0x29a/0x380
[   84.418425][ T5329]  ? __fget_files+0x2a/0x420
[   84.420757][ T5329]  ? __fget_files+0x3a0/0x420
[   84.423485][ T5329]  __x64_sys_sendmsg+0x1bd/0x2a0
[   84.426351][ T5329]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   84.429051][ T5329]  ? rcu_is_watching+0x15/0xb0
[   84.431376][ T5329]  do_syscall_64+0x14d/0xf80
[   84.434138][ T5329]  ? trace_irq_disable+0x3b/0x150
[   84.437031][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.441126][ T5329]  ? clear_bhb_loop+0x40/0x90
[   84.443576][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.446786][ T5329] RIP: 0033:0x7f70a899c799
[   84.449249][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   84.458113][ T5329] RSP: 002b:00007f70a4df4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   84.461930][ T5329] RAX: ffffffffffffffda RBX: 00007f70a8c15fa0 RCX: 00007f70a899c799
[   84.465540][ T5329] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008
[   84.469706][ T5329] RBP: 00007f70a8a32c99 R08: 0000000000000000 R09: 0000000000000000
[   84.474132][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.477781][ T5329] R13: 00007f70a8c16038 R14: 00007f70a8c15fa0 R15: 00007ffee0fb07a8
[   84.481678][ T5329]  </TASK>
[   84.483600][ T5329] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   84.487365][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.491602][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.496880][ T5329] Call Trace:
[   84.498583][ T5329]  <TASK>
[   84.499983][ T5329]  vpanic+0x56c/0xa60
[   84.501859][ T5329]  ? __pfx__printk+0x10/0x10
[   84.504349][ T5329]  ? __pfx_vpanic+0x10/0x10
[   84.506982][ T5329]  ? is_bpf_text_address+0x292/0x2b0
[   84.509526][ T5329]  ? is_bpf_text_address+0x26/0x2b0
[   84.511837][ T5329]  panic+0xc5/0xd0
[   84.513609][ T5329]  ? __pfx_panic+0x10/0x10
[   84.515827][ T5329]  __warn+0x315/0x4f0
[   84.517877][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[   84.520982][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[   84.523751][ T5329]  __report_bug+0x29a/0x540
[   84.525867][ T5329]  ? lockdep_hardirqs_on+0x7a/0x110
[   84.528333][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[   84.531376][ T5329]  ? __pfx___report_bug+0x10/0x10
[   84.533811][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[   84.536418][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[   84.538874][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[   84.541545][ T5329]  report_bug+0x16a/0x220
[   84.543971][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[   84.546844][ T5329]  ? rate_control_rate_init+0x64c/0x6e0
[   84.549377][ T5329]  handle_bug+0x9c/0x200
[   84.551526][ T5329]  exc_invalid_op+0x1a/0x50
[   84.554071][ T5329]  asm_exc_invalid_op+0x1a/0x20
[   84.556978][ T5329] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[   84.559887][ T5329] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 75 91 00 cc e8 22 ec a3 f6 90 0f 0b 90 eb e1 e8 17 ec a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[   84.569373][ T5329] RSP: 0018:ffffc9000e1b6f48 EFLAGS: 00010283
[   84.572210][ T5329] RAX: ffffffff8b21c369 RBX: ffff88801a9c4000 RCX: 0000000000100000
[   84.576405][ T5329] RDX: ffffc9000ec9a000 RSI: 00000000000003c7 RDI: 00000000000003c8
[   84.580442][ T5329] RBP: 0000000000000000 R08: ffffffff8b21be83 R09: ffffffff8e75e460
[   84.583706][ T5329] R10: dffffc0000000000 R11: ffffed1003538831 R12: 1ffff1100353880a
[   84.587102][ T5329] R13: ffff8880387a0e80 R14: 0000000000000001 R15: ffffffff8b21be83
[   84.591414][ T5329]  ? rate_control_rate_init+0x163/0x6e0
[   84.594069][ T5329]  ? rate_control_rate_init+0x163/0x6e0
[   84.596662][ T5329]  ? rate_control_rate_init+0x649/0x6e0
[   84.599420][ T5329]  ? rate_control_rate_init+0x649/0x6e0
[   84.602579][ T5329]  rate_control_rate_init_all_links+0x109/0x1a0
[   84.605688][ T5329]  sta_apply_auth_flags+0x1c2/0x400
[   84.608053][ T5329]  sta_apply_parameters+0xea9/0x1620
[   84.610484][ T5329]  ieee80211_add_station+0x424/0x6a0
[   84.613149][ T5329]  rdev_add_station+0xfc/0x2c0
[   84.615892][ T5329]  nl80211_new_station+0x1864/0x1d30
[   84.618601][ T5329]  ? trace_contention_end+0x3d/0x150
[   84.621214][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[   84.624045][ T5329]  ? __rtnl_unlock+0xc8/0xf0
[   84.626513][ T5329]  ? nl80211_pre_doit+0x4f1/0x930
[   84.629102][ T5329]  genl_family_rcv_msg_doit+0x22a/0x330
[   84.631699][ T5329]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   84.634560][ T5329]  ? bpf_lsm_capable+0x9/0x20
[   84.636797][ T5329]  ? security_capable+0x7e/0x2c0
[   84.639491][ T5329]  genl_rcv_msg+0x61c/0x7a0
[   84.641811][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[   84.643945][ T5329]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   84.646107][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[   84.648361][ T5329]  ? __pfx_nl80211_post_doit+0x10/0x10
[   84.651253][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[   84.653866][ T5329]  netlink_rcv_skb+0x232/0x4b0
[   84.656390][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[   84.658856][ T5329]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   84.661363][ T5329]  ? down_read+0x272/0x2e0
[   84.663681][ T5329]  ? genl_rcv+0xd/0x40
[   84.666128][ T5329]  genl_rcv+0x28/0x40
[   84.667781][ T5329]  netlink_unicast+0x80f/0x9b0
[   84.669787][ T5329]  ? __pfx_netlink_unicast+0x10/0x10
[   84.672169][ T5329]  ? netlink_sendmsg+0x650/0xb40
[   84.674236][ T5329]  ? skb_put+0x11b/0x210
[   84.676286][ T5329]  netlink_sendmsg+0x813/0xb40
[   84.678407][ T5329]  ? __pfx_netlink_sendmsg+0x10/0x10
[   84.680576][ T5329]  ? aa_sock_msg_perm+0xf1/0x1b0
[   84.682725][ T5329]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   84.684942][ T5329]  ____sys_sendmsg+0x972/0x9f0
[   84.687930][ T5329]  ? futex_unqueue+0x211/0x240
[   84.690580][ T5329]  ? __pfx_____sys_sendmsg+0x10/0x10
[   84.693332][ T5329]  ? import_iovec+0x73/0xa0
[   84.695629][ T5329]  ___sys_sendmsg+0x2a5/0x360
[   84.697883][ T5329]  ? __pfx____sys_sendmsg+0x10/0x10
[   84.700561][ T5329]  ? futex_wait+0x29a/0x380
[   84.703061][ T5329]  ? __fget_files+0x2a/0x420
[   84.705519][ T5329]  ? __fget_files+0x3a0/0x420
[   84.707866][ T5329]  __x64_sys_sendmsg+0x1bd/0x2a0
[   84.710467][ T5329]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   84.713444][ T5329]  ? rcu_is_watching+0x15/0xb0
[   84.715999][ T5329]  do_syscall_64+0x14d/0xf80
[   84.718313][ T5329]  ? trace_irq_disable+0x3b/0x150
[   84.720768][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.723949][ T5329]  ? clear_bhb_loop+0x40/0x90
[   84.726799][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.729717][ T5329] RIP: 0033:0x7f70a899c799
[   84.731818][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   84.740777][ T5329] RSP: 002b:00007f70a4df4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   84.744224][ T5329] RAX: ffffffffffffffda RBX: 00007f70a8c15fa0 RCX: 00007f70a899c799
[   84.747939][ T5329] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008
[   84.751816][ T5329] RBP: 00007f70a8a32c99 R08: 0000000000000000 R09: 0000000000000000
[   84.755544][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.759478][ T5329] R13: 00007f70a8c16038 R14: 00007f70a8c15fa0 R15: 00007ffee0fb07a8
[   84.763421][ T5329]  </TASK>
[   84.765272][ T5329] Kernel Offset: disabled
[   84.767517][ T5329] Rebooting in 86400 seconds..