program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x60, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x50, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x34, 0x3, "7dd86dc9b7ffffc7961e64e816e2fa144f7707e5f7f6cbd498a6b1affd1a3a7027bb2a1535664f6c1793c8ab258d7f10"}, @NFTA_MATCH_NAME={0xe, 0x1, 'multiport\x00'}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0xb8}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r4=>0xffffffffffffffff})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0xa0000)
ioctl$SNDRV_TIMER_IOCTL_STATUS64(r8, 0x80605414, 0x0)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r10, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x38, 0x1410, 0x2, 0x70bd29, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x3}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20004040)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r11=>0x0})
ioctl$IOMMU_IOAS_UNMAP(r9, 0x3b86, &(0x7f0000000100)={0x18, r11})
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x44, r5, 0xb97534d5fe9704cf, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_FLAGS={0x8, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

[  118.327207][ T5306] Bluetooth: hci0: command tx timeout
[  118.527979][ T5329] ------------[ cut here ]------------
[  118.530952][ T5329] !chanctx_conf
[  118.530968][ T5329] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5329
[  118.538522][ T5329] Modules linked in:
[  118.540974][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  118.545844][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  118.550848][ T5329] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  118.554338][ T5329] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 c8 71 91 00 cc e8 42 07 a4 f6 90 0f 0b 90 eb e1 e8 37 07 a4 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  118.563447][ T5329] RSP: 0018:ffffc9000ef76f48 EFLAGS: 00010283
[  118.566761][ T5329] RAX: ffffffff8b21a6e9 RBX: ffff88800bb60000 RCX: 0000000000100000
[  118.570812][ T5329] RDX: ffffc90020001000 RSI: 000000000000043a RDI: 000000000000043b
[  118.575084][ T5329] RBP: 0000000000000000 R08: ffffffff8b21a203 R09: ffffffff8e75e420
[  118.579230][ T5329] R10: dffffc0000000000 R11: ffffed100176c031 R12: 1ffff1100176c00a
[  118.582605][ T5329] R13: ffff888043e98e80 R14: 0000000000000001 R15: ffffffff8b21a203
[  118.586064][ T5329] FS:  00007f0cc69f56c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[  118.590969][ T5329] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.594365][ T5329] CR2: 0000200000001080 CR3: 0000000040576000 CR4: 0000000000352ef0
[  118.598318][ T5329] Call Trace:
[  118.600047][ T5329]  <TASK>
[  118.601658][ T5329]  rate_control_rate_init_all_links+0x109/0x1a0
[  118.605187][ T5329]  sta_apply_auth_flags+0x1c2/0x400
[  118.607890][ T5329]  sta_apply_parameters+0xea9/0x1620
[  118.610430][ T5329]  ieee80211_add_station+0x424/0x6a0
[  118.613174][ T5329]  rdev_add_station+0xfc/0x2c0
[  118.616881][ T5329]  nl80211_new_station+0x1864/0x1d30
[  118.619756][ T5329]  ? trace_contention_end+0x3d/0x150
[  118.622257][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[  118.624802][ T5329]  ? __rtnl_unlock+0xc8/0xf0
[  118.627313][ T5329]  ? nl80211_pre_doit+0x4f1/0x930
[  118.630255][ T5329]  genl_family_rcv_msg_doit+0x22a/0x330
[  118.633150][ T5329]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  118.636706][ T5329]  ? bpf_lsm_capable+0x9/0x20
[  118.639330][ T5329]  ? security_capable+0x7e/0x2c0
[  118.642330][ T5329]  genl_rcv_msg+0x61c/0x7a0
[  118.644676][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[  118.647231][ T5329]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  118.649935][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[  118.652839][ T5329]  ? __pfx_nl80211_post_doit+0x10/0x10
[  118.655876][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[  118.658552][ T5329]  netlink_rcv_skb+0x232/0x4b0
[  118.661098][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[  118.663501][ T5329]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  118.666355][ T5329]  ? down_read+0x272/0x2e0
[  118.668754][ T5329]  ? genl_rcv+0xd/0x40
[  118.670779][ T5329]  genl_rcv+0x28/0x40
[  118.672692][ T5329]  netlink_unicast+0x80f/0x9b0
[  118.675004][ T5329]  ? __pfx_netlink_unicast+0x10/0x10
[  118.677919][ T5329]  ? netlink_sendmsg+0x650/0xb40
[  118.680500][ T5329]  ? skb_put+0x11b/0x210
[  118.682534][ T5329]  netlink_sendmsg+0x813/0xb40
[  118.684771][ T5329]  ? __pfx_netlink_sendmsg+0x10/0x10
[  118.687409][ T5329]  ? aa_sock_msg_perm+0xf1/0x1b0
[  118.690411][ T5329]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  118.693554][ T5329]  ____sys_sendmsg+0x972/0x9f0
[  118.696002][ T5329]  ? __pfx_____sys_sendmsg+0x10/0x10
[  118.698492][ T5329]  ? import_iovec+0x73/0xa0
[  118.700629][ T5329]  ___sys_sendmsg+0x2a5/0x360
[  118.702799][ T5329]  ? __pfx____sys_sendmsg+0x10/0x10
[  118.705260][ T5329]  ? futex_wake+0x4ac/0x580
[  118.707904][ T5329]  ? __fget_files+0x2a/0x420
[  118.710517][ T5329]  ? __fget_files+0x3a0/0x420
[  118.712748][ T5329]  __x64_sys_sendmsg+0x1bd/0x2a0
[  118.715066][ T5329]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  118.718391][ T5329]  ? rcu_is_watching+0x15/0xb0
[  118.720928][ T5329]  do_syscall_64+0x14d/0xf80
[  118.723115][ T5329]  ? trace_irq_disable+0x3b/0x150
[  118.725357][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.728024][ T5329]  ? clear_bhb_loop+0x40/0x90
[  118.730440][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.733727][ T5329] RIP: 0033:0x7f0cca59c799
[  118.736002][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  118.745039][ T5329] RSP: 002b:00007f0cc69f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  118.749206][ T5329] RAX: ffffffffffffffda RBX: 00007f0cca815fa0 RCX: 00007f0cca59c799
[  118.752919][ T5329] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007
[  118.756820][ T5329] RBP: 00007f0cca632c99 R08: 0000000000000000 R09: 0000000000000000
[  118.761088][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.764866][ T5329] R13: 00007f0cca816038 R14: 00007f0cca815fa0 R15: 00007fff1cba3998
[  118.768776][ T5329]  </TASK>
[  118.770287][ T5329] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  118.773419][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  118.777237][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  118.781902][ T5329] Call Trace:
[  118.783734][ T5329]  <TASK>
[  118.785591][ T5329]  vpanic+0x56c/0xa60
[  118.787861][ T5329]  ? __pfx__printk+0x10/0x10
[  118.790156][ T5329]  ? __pfx_vpanic+0x10/0x10
[  118.792317][ T5329]  ? is_bpf_text_address+0x292/0x2b0
[  118.794729][ T5329]  ? is_bpf_text_address+0x26/0x2b0
[  118.797183][ T5329]  panic+0xc5/0xd0
[  118.798913][ T5329]  ? __pfx_panic+0x10/0x10
[  118.801070][ T5329]  __warn+0x315/0x4f0
[  118.803725][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  118.807363][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  118.810110][ T5329]  __report_bug+0x29a/0x540
[  118.812171][ T5329]  ? lockdep_hardirqs_on+0x7a/0x110
[  118.814616][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  118.817611][ T5329]  ? __pfx___report_bug+0x10/0x10
[  118.820384][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[  118.823927][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[  118.826529][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  118.829047][ T5329]  report_bug+0x16a/0x220
[  118.830954][ T5329]  ? rate_control_rate_init+0x64a/0x6e0
[  118.833710][ T5329]  ? rate_control_rate_init+0x64c/0x6e0
[  118.836999][ T5329]  handle_bug+0x9c/0x200
[  118.839230][ T5329]  exc_invalid_op+0x1a/0x50
[  118.841957][ T5329]  asm_exc_invalid_op+0x1a/0x20
[  118.844239][ T5329] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  118.846983][ T5329] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 c8 71 91 00 cc e8 42 07 a4 f6 90 0f 0b 90 eb e1 e8 37 07 a4 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  118.855942][ T5329] RSP: 0018:ffffc9000ef76f48 EFLAGS: 00010283
[  118.859816][ T5329] RAX: ffffffff8b21a6e9 RBX: ffff88800bb60000 RCX: 0000000000100000
[  118.864148][ T5329] RDX: ffffc90020001000 RSI: 000000000000043a RDI: 000000000000043b
[  118.868074][ T5329] RBP: 0000000000000000 R08: ffffffff8b21a203 R09: ffffffff8e75e420
[  118.871779][ T5329] R10: dffffc0000000000 R11: ffffed100176c031 R12: 1ffff1100176c00a
[  118.875354][ T5329] R13: ffff888043e98e80 R14: 0000000000000001 R15: ffffffff8b21a203
[  118.879150][ T5329]  ? rate_control_rate_init+0x163/0x6e0
[  118.881669][ T5329]  ? rate_control_rate_init+0x163/0x6e0
[  118.884437][ T5329]  ? rate_control_rate_init+0x649/0x6e0
[  118.887069][ T5329]  ? rate_control_rate_init+0x649/0x6e0
[  118.889913][ T5329]  rate_control_rate_init_all_links+0x109/0x1a0
[  118.893526][ T5329]  sta_apply_auth_flags+0x1c2/0x400
[  118.896678][ T5329]  sta_apply_parameters+0xea9/0x1620
[  118.899422][ T5329]  ieee80211_add_station+0x424/0x6a0
[  118.901976][ T5329]  rdev_add_station+0xfc/0x2c0
[  118.904336][ T5329]  nl80211_new_station+0x1864/0x1d30
[  118.906822][ T5329]  ? trace_contention_end+0x3d/0x150
[  118.909248][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[  118.912402][ T5329]  ? __rtnl_unlock+0xc8/0xf0
[  118.915278][ T5329]  ? nl80211_pre_doit+0x4f1/0x930
[  118.917845][ T5329]  genl_family_rcv_msg_doit+0x22a/0x330
[  118.920508][ T5329]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  118.923376][ T5329]  ? bpf_lsm_capable+0x9/0x20
[  118.925492][ T5329]  ? security_capable+0x7e/0x2c0
[  118.928209][ T5329]  genl_rcv_msg+0x61c/0x7a0
[  118.930821][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[  118.933386][ T5329]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  118.935753][ T5329]  ? __pfx_nl80211_new_station+0x10/0x10
[  118.938054][ T5329]  ? __pfx_nl80211_post_doit+0x10/0x10
[  118.940314][ T5329]  ? __lock_acquire+0x6b5/0x2cf0
[  118.942493][ T5329]  netlink_rcv_skb+0x232/0x4b0
[  118.944857][ T5329]  ? __pfx_genl_rcv_msg+0x10/0x10
[  118.948629][ T5329]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  118.952015][ T5329]  ? down_read+0x272/0x2e0
[  118.953953][ T5329]  ? genl_rcv+0xd/0x40
[  118.955793][ T5329]  genl_rcv+0x28/0x40
[  118.957541][ T5329]  netlink_unicast+0x80f/0x9b0
[  118.959741][ T5329]  ? __pfx_netlink_unicast+0x10/0x10
[  118.962145][ T5329]  ? netlink_sendmsg+0x650/0xb40
[  118.964513][ T5329]  ? skb_put+0x11b/0x210
[  118.966638][ T5329]  netlink_sendmsg+0x813/0xb40
[  118.969369][ T5329]  ? __pfx_netlink_sendmsg+0x10/0x10
[  118.972579][ T5329]  ? aa_sock_msg_perm+0xf1/0x1b0
[  118.974752][ T5329]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  118.977129][ T5329]  ____sys_sendmsg+0x972/0x9f0
[  118.979628][ T5329]  ? __pfx_____sys_sendmsg+0x10/0x10
[  118.982058][ T5329]  ? import_iovec+0x73/0xa0
[  118.984216][ T5329]  ___sys_sendmsg+0x2a5/0x360
[  118.986372][ T5329]  ? __pfx____sys_sendmsg+0x10/0x10
[  118.988817][ T5329]  ? futex_wake+0x4ac/0x580
[  118.991361][ T5329]  ? __fget_files+0x2a/0x420
[  118.994406][ T5329]  ? __fget_files+0x3a0/0x420
[  118.997426][ T5329]  __x64_sys_sendmsg+0x1bd/0x2a0
[  118.999841][ T5329]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  119.002337][ T5329]  ? rcu_is_watching+0x15/0xb0
[  119.004651][ T5329]  do_syscall_64+0x14d/0xf80
[  119.006816][ T5329]  ? trace_irq_disable+0x3b/0x150
[  119.009118][ T5329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.011916][ T5329]  ? clear_bhb_loop+0x40/0x90
[  119.014412][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.017823][ T5329] RIP: 0033:0x7f0cca59c799
[  119.020408][ T5329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  119.028648][ T5329] RSP: 002b:00007f0cc69f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.032549][ T5329] RAX: ffffffffffffffda RBX: 00007f0cca815fa0 RCX: 00007f0cca59c799
[  119.036712][ T5329] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007
[  119.040428][ T5329] RBP: 00007f0cca632c99 R08: 0000000000000000 R09: 0000000000000000
[  119.043540][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  119.047200][ T5329] R13: 00007f0cca816038 R14: 00007f0cca815fa0 R15: 00007fff1cba3998
[  119.051454][ T5329]  </TASK>
[  119.054124][ T5329] Kernel Offset: disabled
[  119.056715][ T5329] Rebooting in 86400 seconds..