program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r2, @ANYBLOB="28000e0080000000ffffffffffff02110000010000000000000000000064000100080026006c09000008000c006400000008000d0000000000"], 0x5c}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x44, r4, 0xb97534d5fe9704cf, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_FLAGS={0x8, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi2\x00', 0x0, 0x0) (async)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi2\x00', 0x0, 0x0)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x7}]}, 0x44}}, 0x8000) (async)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x7}]}, 0x44}}, 0x8000)

[  108.552352][ T5305] Bluetooth: hci0: command tx timeout
[  108.686746][ T5328] netlink: 24 bytes leftover after parsing attributes in process `syz.0.0'.
[  108.705739][ T5329] ------------[ cut here ]------------
[  108.709024][ T5329] !chanctx_conf
[  108.709040][ T5329] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5329
[  108.715724][ T5329] Modules linked in:
[  108.718103][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  108.722425][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  108.727270][ T5329] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  108.730678][ T5329] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 75 91 00 cc e8 22 ec a3 f6 90 0f 0b 90 eb e1 e8 17 ec a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  108.740352][ T5329] RSP: 0018:ffffc9000f66ef48 EFLAGS: 00010293
[  108.743923][ T5329] RAX: ffffffff8b21c369 RBX: ffff888042520000 RCX: ffff8880442724c0
[  108.748385][ T5329] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  108.752070][ T5329] RBP: 0000000000000000 R08: ffffffff8b21be83 R09: ffffffff8e75e460
[  108.755823][ T5329] R10: dffffc0000000000 R11: ffffed10084a4031 R12: 1ffff110084a400a
[  108.759748][ T5329] R13: ffff888012748e80 R14: 0000000000000001 R15: ffffffff8b21be83
[  108.764382][ T5329] FS:  00007fe95b5f56c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[  108.769198][ T5329] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  108.772351][ T5329] CR2: 0000200000001080 CR3: 0000000043791000 CR4: 0000000000352ef0
[  108.776158][ T5329] Call Trace:
[  108.777970][ T5329]  <TASK>
[  108.779518][ T5329]  rate_control_rate_init_all_links+0x109/0x1a0
[  108.784205][ T5329]  sta_apply_auth_flags+0x1c2/0x400
[  108.787651][ T5329]  sta_apply_parameters+0xea9/0x1620
[  108.790223][ T5329]  ieee80211_add_station+0x424/0x6a0
[  108.792693][ T5329]  rdev_add_station+0xfc/0x2c0
[  108.795043][ T5329]  nl80211_new_station+0x1864/0x1d30
[  108.797696][ T5329]  ? trace_contention_end+0x3d/0x150
[  108.800156][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[  108.802681][ T5329]  ? __rtnl_unlock+0xc8/0xf0
[  108.805104][ T5329]  ? nl80211_pre_doit+0x4f1/0x930
[  108.807960][ T5329]  genl_family_rcv_msg_doit+0x22a/0x330
[  108.811489][ T5329]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  108.814506][ T5329]  ? bpf_lsm_capable+0x9/0x20
[  108.816641][ T5329]  ? security_capable+0x7e/0x2c0
[  108.820991][ T5329]  genl_rcv_msg+0x61c/0x7a0
[  108.823803][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[  108.826518][ T5329]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  108.829111][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[  108.831707][ T5329]  ? __pfx_nl80211_post_doit+0x10/0x10
[  108.834202][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[  108.836589][ T5329]  netlink_rcv_skb+0x232/0x4b0
[  108.839009][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[  108.841659][ T5329]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  108.845583][ T5329]  ? down_read+0x272/0x2e0
[  108.847930][ T5329]  ? genl_rcv+0xd/0x40
[  108.849960][ T5329]  genl_rcv+0x28/0x40
[  108.851974][ T5329]  netlink_unicast+0x80f/0x9b0
[  108.854406][ T5329]  ? __pfx_netlink_unicast+0x10/0x10
[  108.857268][ T5329]  ? netlink_sendmsg+0x650/0xb40
[  108.859650][ T5329]  ? skb_put+0x11b/0x210
[  108.861638][ T5329]  netlink_sendmsg+0x813/0xb40
[  108.863877][ T5329]  ? __pfx_netlink_sendmsg+0x10/0x10
[  108.866274][ T5329]  ? aa_sock_msg_perm+0xf1/0x1b0
[  108.868889][ T5329]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  108.871971][ T5329]  ____sys_sendmsg+0x972/0x9f0
[  108.875005][ T5329]  ? __pfx_____sys_sendmsg+0x10/0x10
[  108.877543][ T5329]  ? import_iovec+0x73/0xa0
[  108.879560][ T5329]  ___sys_sendmsg+0x2a5/0x360
[  108.881690][ T5329]  ? __pfx____sys_sendmsg+0x10/0x10
[  108.884038][ T5329]  ? futex_wake+0x4ac/0x580
[  108.886103][ T5329]  ? __fget_files+0x2a/0x420
[  108.888348][ T5329]  ? __fget_files+0x3a0/0x420
[  108.890808][ T5329]  __x64_sys_sendmsg+0x1bd/0x2a0
[  108.893375][ T5329]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  108.896180][ T5329]  ? rcu_is_watching+0x15/0xb0
[  108.899068][ T5329]  do_syscall_64+0x14d/0xf80
[  108.901273][ T5329]  ? trace_irq_disable+0x3b/0x150
[  108.903677][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.907217][ T5329]  ? clear_bhb_loop+0x40/0x90
[  108.910248][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.913541][ T5329] RIP: 0033:0x7fe95f19c799
[  108.915565][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  108.924855][ T5329] RSP: 002b:00007fe95b5f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  108.929367][ T5329] RAX: ffffffffffffffda RBX: 00007fe95f416090 RCX: 00007fe95f19c799
[  108.933067][ T5329] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006
[  108.936878][ T5329] RBP: 00007fe95f232c99 R08: 0000000000000000 R09: 0000000000000000
[  108.941278][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  108.945775][ T5329] R13: 00007fe95f416128 R14: 00007fe95f416090 R15: 00007ffc4853efa8
[  108.949388][ T5329]  </TASK>
[  108.950895][ T5329] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  108.954424][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  108.959040][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  108.964151][ T5329] Call Trace:
[  108.965736][ T5329]  <TASK>
[  108.967199][ T5329]  vpanic+0x56c/0xa60
[  108.969183][ T5329]  ? __pfx__printk+0x10/0x10
[  108.971942][ T5329]  ? __pfx_vpanic+0x10/0x10
[  108.974605][ T5329]  ? is_bpf_text_address+0x292/0x2b0
[  108.977131][ T5329]  ? is_bpf_text_address+0x26/0x2b0
[  108.979300][ T5329]  panic+0xc5/0xd0
[  108.980935][ T5329]  ? __pfx_panic+0x10/0x10
[  108.982843][ T5329]  __warn+0x315/0x4f0
[  108.984581][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  108.987293][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  108.990715][ T5329]  __report_bug+0x29a/0x540
[  108.993351][ T5329]  ? lockdep_hardirqs_on+0x7a/0x110
[  108.995874][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  108.998485][ T5329]  ? __pfx___report_bug+0x10/0x10
[  109.000782][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[  109.003078][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[  109.005780][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  109.008805][ T5329]  report_bug+0x16a/0x220
[  109.010895][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  109.013374][ T5329]  ? rate_control_rate_init+0x64c/0x6e0
[  109.015940][ T5329]  handle_bug+0x9c/0x200
[  109.018184][ T5329]  exc_invalid_op+0x1a/0x50
[  109.020711][ T5329]  asm_exc_invalid_op+0x1a/0x20
[  109.023135][ T5329] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  109.026089][ T5329] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 48 75 91 00 cc e8 22 ec a3 f6 90 0f 0b 90 eb e1 e8 17 ec a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  109.035698][ T5329] RSP: 0018:ffffc9000f66ef48 EFLAGS: 00010293
[  109.038511][ T5329] RAX: ffffffff8b21c369 RBX: ffff888042520000 RCX: ffff8880442724c0
[  109.042331][ T5329] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  109.046855][ T5329] RBP: 0000000000000000 R08: ffffffff8b21be83 R09: ffffffff8e75e460
[  109.050905][ T5329] R10: dffffc0000000000 R11: ffffed10084a4031 R12: 1ffff110084a400a
[  109.054519][ T5329] R13: ffff888012748e80 R14: 0000000000000001 R15: ffffffff8b21be83
[  109.058406][ T5329]  ? rate_control_rate_init+0x163/0x6e0
[  109.061371][ T5329]  ? rate_control_rate_init+0x163/0x6e0
[  109.064322][ T5329]  ? rate_control_rate_init+0x649/0x6e0
[  109.066763][ T5329]  ? rate_control_rate_init+0x649/0x6e0
[  109.069219][ T5329]  rate_control_rate_init_all_links+0x109/0x1a0
[  109.072034][ T5329]  sta_apply_auth_flags+0x1c2/0x400
[  109.074976][ T5329]  sta_apply_parameters+0xea9/0x1620
[  109.078003][ T5329]  ieee80211_add_station+0x424/0x6a0
[  109.080703][ T5329]  rdev_add_station+0xfc/0x2c0
[  109.082885][ T5329]  nl80211_new_station+0x1864/0x1d30
[  109.085219][ T5329]  ? trace_contention_end+0x3d/0x150
[  109.087777][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[  109.090714][ T5329]  ? __rtnl_unlock+0xc8/0xf0
[  109.093265][ T5329]  ? nl80211_pre_doit+0x4f1/0x930
[  109.095692][ T5329]  genl_family_rcv_msg_doit+0x22a/0x330
[  109.098273][ T5329]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  109.101048][ T5329]  ? bpf_lsm_capable+0x9/0x20
[  109.103911][ T5329]  ? security_capable+0x7e/0x2c0
[  109.107146][ T5329]  genl_rcv_msg+0x61c/0x7a0
[  109.109377][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[  109.111643][ T5329]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  109.114166][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[  109.116751][ T5329]  ? __pfx_nl80211_post_doit+0x10/0x10
[  109.119160][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[  109.121595][ T5329]  netlink_rcv_skb+0x232/0x4b0
[  109.124094][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[  109.127058][ T5329]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  109.129752][ T5329]  ? down_read+0x272/0x2e0
[  109.131761][ T5329]  ? genl_rcv+0xd/0x40
[  109.133660][ T5329]  genl_rcv+0x28/0x40
[  109.135473][ T5329]  netlink_unicast+0x80f/0x9b0
[  109.137769][ T5329]  ? __pfx_netlink_unicast+0x10/0x10
[  109.140434][ T5329]  ? netlink_sendmsg+0x650/0xb40
[  109.143166][ T5329]  ? skb_put+0x11b/0x210
[  109.145346][ T5329]  netlink_sendmsg+0x813/0xb40
[  109.147588][ T5329]  ? __pfx_netlink_sendmsg+0x10/0x10
[  109.150011][ T5329]  ? aa_sock_msg_perm+0xf1/0x1b0
[  109.152403][ T5329]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  109.155218][ T5329]  ____sys_sendmsg+0x972/0x9f0
[  109.158012][ T5329]  ? __pfx_____sys_sendmsg+0x10/0x10
[  109.160538][ T5329]  ? import_iovec+0x73/0xa0
[  109.162581][ T5329]  ___sys_sendmsg+0x2a5/0x360
[  109.164728][ T5329]  ? __pfx____sys_sendmsg+0x10/0x10
[  109.167100][ T5329]  ? futex_wake+0x4ac/0x580
[  109.169393][ T5329]  ? __fget_files+0x2a/0x420
[  109.171889][ T5329]  ? __fget_files+0x3a0/0x420
[  109.174649][ T5329]  __x64_sys_sendmsg+0x1bd/0x2a0
[  109.177274][ T5329]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  109.179937][ T5329]  ? rcu_is_watching+0x15/0xb0
[  109.182107][ T5329]  do_syscall_64+0x14d/0xf80
[  109.184282][ T5329]  ? trace_irq_disable+0x3b/0x150
[  109.186626][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.189706][ T5329]  ? clear_bhb_loop+0x40/0x90
[  109.192968][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.196181][ T5329] RIP: 0033:0x7fe95f19c799
[  109.198335][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  109.207160][ T5329] RSP: 002b:00007fe95b5f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  109.212213][ T5329] RAX: ffffffffffffffda RBX: 00007fe95f416090 RCX: 00007fe95f19c799
[  109.216382][ T5329] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000006
[  109.220048][ T5329] RBP: 00007fe95f232c99 R08: 0000000000000000 R09: 0000000000000000
[  109.223777][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  109.227579][ T5329] R13: 00007fe95f416128 R14: 00007fe95f416090 R15: 00007ffc4853efa8
[  109.231990][ T5329]  </TASK>
[  109.234156][ T5329] Kernel Offset: disabled
[  109.236255][ T5329] Rebooting in 86400 seconds..