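program:
# syzkaller reproducer for the WARNING at net/mac80211/rate.c:53 ("!chanctx_conf")
# in rate_control_rate_init(). The log below shows it was escalated to a kernel
# panic only because the fuzzing kernel runs with panic_on_warn; on a kernel
# without that setting this is a warning splat, not a crash.
# NOTE(review): the <rN=> resource-definition markers were stripped when this
# report was rendered (they look like HTML tags), leaving r2, r5, r7 and r10
# referenced but never defined. They are restored below so the program parses.
# NOTE(review): nl80211 interface/station commands are normally admin-only
# (CAP_NET_ADMIN in the interface's network namespace); confirm for the kernel
# under test before treating this as an unprivileged trigger.

# Generic-netlink socket, nl80211 family id, and the ifindex of wlan1 (r2).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})

# Second netlink socket; resolve the ifindex of wlan0 (r5) and set its
# NL80211_ATTR_IFTYPE (attr 5) to 9 (NL80211_IFTYPE_P2P_GO in nl80211.h).
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)

# ROSE socket calls; fuzzer noise, not on the crash path shown in the trace.
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r6, 0x104, 0x5, 0x0, &(0x7f0000000080))

# START_AP on wlan0 (ifindex r5) with an all-zero chandef (NL80211_ATTR_WIPHY_FREQ
# carries no value) and a zero beacon interval. Presumably this leaves the
# interface without a channel context, which is what the later WARN checks;
# confirm against the mac80211 version under test.
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x38, r4, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@crypto_settings=[@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_TWT_RESPONDER={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x8041}, 0x20000014)

# Third netlink socket (r8) and family id (r9); the wlan0 ifindex is resolved
# again (r10) through a unix socket (r7). The VLAN ioctl on r0 is unrelated.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r7=>0xffffffffffffffff})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r10=>0x0})
ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000000))

# The crashing call: NEW_STATION for MAC @device_b on wlan0 (ifindex r10) with
# NL80211_ATTR_STA_AID=0x580 and empty supported-rates. The trace below is
# nl80211_new_station -> ieee80211_add_station -> sta_apply_parameters ->
# sta_apply_auth_flags -> rate_control_rate_init_all_links ->
# rate_control_rate_init, where WARN(!chanctx_conf) fires. The user-space
# registers at the syscall (RDI=8, RSI=0x200000001080) are consistent with this
# fd and this msghdr address.
sendmsg$NL80211_CMD_NEW_STATION(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x3c, r9, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

# NL80211_CMD_FRAME towards wlan1 (ifindex r2) with a raw 802.11 frame blob.
# The panic is raised inside the previous call, so this call is probably never
# reached in the logged run.
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
[ 85.108664][ T45] Bluetooth: hci0: command tx timeout [ 85.282929][ T5323] ------------[ cut here ]------------ [ 85.285790][ T5323] !chanctx_conf [ 85.285807][ T5323] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5323 [ 85.293380][ T5323] Modules linked in: [ 85.295301][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.299630][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.304010][ T5323] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 85.306859][ T5323] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 12 f5 a3 f6 90 0f 0b 90 eb e1 e8 07 f5 a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 85.316112][ T5323] RSP: 0018:ffffc90009ce6f48 EFLAGS: 00010283 [ 85.318544][ T5323] RAX: ffffffff8b21ba79 RBX: ffff888011c60000 RCX: 0000000000100000 [ 85.321970][ T5323] RDX: ffffc90020802000 RSI: 0000000000000457 RDI: 0000000000000458 [ 85.325465][ T5323] RBP: 0000000000000000 R08: ffffffff8b21b593 R09: ffffffff8e75e460 [ 85.329794][ T5323] R10: dffffc0000000000 R11: ffffed100238c031 R12: 1ffff1100238c00a [ 85.333212][ T5323] R13: ffff888042968e80 R14: 0000000000000001 R15: ffffffff8b21b593 [ 85.336756][ T5323] FS: 00007ff4474ae6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 85.341824][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.344465][ T5323] CR2: 00007ff4474acf68 CR3: 0000000011b31000 CR4: 0000000000352ef0 [ 85.347885][ T5323] Call Trace: [ 85.349501][ T5323] [ 85.350786][ T5323] rate_control_rate_init_all_links+0x109/0x1a0 [ 85.354097][ T5323] sta_apply_auth_flags+0x1c2/0x400 [ 85.357120][ T5323] sta_apply_parameters+0xea9/0x1620 [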
85.359631][ T5323] ieee80211_add_station+0x424/0x6a0 [ 85.361780][ T5323] rdev_add_station+0xfc/0x2c0 [ 85.363779][ T5323] nl80211_new_station+0x1864/0x1d30 [ 85.366145][ T5323] ? trace_contention_end+0x3d/0x150 [ 85.369560][ T5323] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.372676][ T5323] ? __rtnl_unlock+0xc8/0xf0 [ 85.374909][ T5323] ? nl80211_pre_doit+0x4f1/0x930 [ 85.377221][ T5323] genl_family_rcv_msg_doit+0x22a/0x330 [ 85.379888][ T5323] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.382731][ T5323] ? bpf_lsm_capable+0x9/0x20 [ 85.385421][ T5323] ? security_capable+0x7e/0x2c0 [ 85.389000][ T5323] genl_rcv_msg+0x61c/0x7a0 [ 85.391501][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.393855][ T5323] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 85.396945][ T5323] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.399671][ T5323] ? __pfx_nl80211_post_doit+0x10/0x10 [ 85.402236][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 85.404532][ T5323] netlink_rcv_skb+0x232/0x4b0 [ 85.406817][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.409406][ T5323] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.412237][ T5323] ? down_read+0x272/0x2e0 [ 85.414571][ T5323] ? genl_rcv+0xd/0x40 [ 85.416567][ T5323] genl_rcv+0x28/0x40 [ 85.418484][ T5323] netlink_unicast+0x80f/0x9b0 [ 85.420728][ T5323] ? __pfx_netlink_unicast+0x10/0x10 [ 85.423124][ T5323] ? netlink_sendmsg+0x650/0xb40 [ 85.425506][ T5323] ? skb_put+0x11b/0x210 [ 85.427681][ T5323] netlink_sendmsg+0x813/0xb40 [ 85.430487][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.433534][ T5323] ? aa_sock_msg_perm+0xf1/0x1b0 [ 85.435835][ T5323] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.438211][ T5323] ____sys_sendmsg+0x972/0x9f0 [ 85.440745][ T5323] ? futex_unqueue+0x211/0x240 [ 85.443323][ T5323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.446519][ T5323] ? import_iovec+0x73/0xa0 [ 85.449128][ T5323] ___sys_sendmsg+0x2a5/0x360 [ 85.451449][ T5323] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.453832][ T5323] ? futex_wait+0x29a/0x380 [ 85.456087][ T5323] ? 
__fget_files+0x2a/0x420 [ 85.458418][ T5323] ? __fget_files+0x3a0/0x420 [ 85.460786][ T5323] __x64_sys_sendmsg+0x1bd/0x2a0 [ 85.462876][ T5323] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.465410][ T5323] ? rcu_is_watching+0x15/0xb0 [ 85.467715][ T5323] do_syscall_64+0x14d/0xf80 [ 85.469886][ T5323] ? trace_irq_disable+0x3b/0x150 [ 85.472169][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.475100][ T5323] ? clear_bhb_loop+0x40/0x90 [ 85.477164][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.479659][ T5323] RIP: 0033:0x7ff44659c799 [ 85.481490][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.490132][ T5323] RSP: 002b:00007ff4474adfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.493766][ T5323] RAX: ffffffffffffffda RBX: 00007ff446816090 RCX: 00007ff44659c799 [ 85.497295][ T5323] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 85.500782][ T5323] RBP: 00007ff446632c99 R08: 0000000000000000 R09: 0000000000000000 [ 85.504029][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.507338][ T5323] R13: 00007ff446816128 R14: 00007ff446816090 R15: 00007ffe62bf06a8 [ 85.511682][ T5323] [ 85.513512][ T5323] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.517460][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.521436][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.526083][ T5323] Call Trace: [ 85.527683][ T5323] [ 85.529205][ T5323] vpanic+0x56c/0xa60 [ 85.531253][ T5323] ? __pfx__printk+0x10/0x10 [ 85.533967][ T5323] ? __pfx_vpanic+0x10/0x10 [ 85.536321][ T5323] ? is_bpf_text_address+0x292/0x2b0 [ 85.538760][ T5323] ? is_bpf_text_address+0x26/0x2b0 [ 85.541207][ T5323] panic+0xc5/0xd0 [ 85.543030][ T5323] ? 
__pfx_panic+0x10/0x10 [ 85.545603][ T5323] __warn+0x315/0x4f0 [ 85.548341][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 85.551463][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 85.554028][ T5323] __report_bug+0x29a/0x540 [ 85.556222][ T5323] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.558662][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 85.561266][ T5323] ? __pfx___report_bug+0x10/0x10 [ 85.563760][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 85.566501][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 85.569231][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 85.572149][ T5323] report_bug+0x16a/0x220 [ 85.574170][ T5323] ? rate_control_rate_init+0x64a/0x6e0 [ 85.576587][ T5323] ? rate_control_rate_init+0x64c/0x6e0 [ 85.579010][ T5323] handle_bug+0x9c/0x200 [ 85.580819][ T5323] exc_invalid_op+0x1a/0x50 [ 85.582960][ T5323] asm_exc_invalid_op+0x1a/0x20 [ 85.586493][ T5323] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 85.589735][ T5323] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 12 f5 a3 f6 90 0f 0b 90 eb e1 e8 07 f5 a3 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 85.597708][ T5323] RSP: 0018:ffffc90009ce6f48 EFLAGS: 00010283 [ 85.600406][ T5323] RAX: ffffffff8b21ba79 RBX: ffff888011c60000 RCX: 0000000000100000 [ 85.604038][ T5323] RDX: ffffc90020802000 RSI: 0000000000000457 RDI: 0000000000000458 [ 85.608336][ T5323] RBP: 0000000000000000 R08: ffffffff8b21b593 R09: ffffffff8e75e460 [ 85.612041][ T5323] R10: dffffc0000000000 R11: ffffed100238c031 R12: 1ffff1100238c00a [ 85.615160][ T5323] R13: ffff888042968e80 R14: 0000000000000001 R15: ffffffff8b21b593 [ 85.618520][ T5323] ? rate_control_rate_init+0x163/0x6e0 [ 85.620908][ T5323] ? rate_control_rate_init+0x163/0x6e0 [ 85.623305][ T5323] ? rate_control_rate_init+0x649/0x6e0 [ 85.625587][ T5323] ? 
rate_control_rate_init+0x649/0x6e0 [ 85.628294][ T5323] rate_control_rate_init_all_links+0x109/0x1a0 [ 85.631835][ T5323] sta_apply_auth_flags+0x1c2/0x400 [ 85.634578][ T5323] sta_apply_parameters+0xea9/0x1620 [ 85.636826][ T5323] ieee80211_add_station+0x424/0x6a0 [ 85.638771][ T5323] rdev_add_station+0xfc/0x2c0 [ 85.640722][ T5323] nl80211_new_station+0x1864/0x1d30 [ 85.642988][ T5323] ? trace_contention_end+0x3d/0x150 [ 85.645286][ T5323] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.647795][ T5323] ? __rtnl_unlock+0xc8/0xf0 [ 85.649635][ T5323] ? nl80211_pre_doit+0x4f1/0x930 [ 85.651925][ T5323] genl_family_rcv_msg_doit+0x22a/0x330 [ 85.654956][ T5323] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 85.658845][ T5323] ? bpf_lsm_capable+0x9/0x20 [ 85.660923][ T5323] ? security_capable+0x7e/0x2c0 [ 85.663103][ T5323] genl_rcv_msg+0x61c/0x7a0 [ 85.665138][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.667430][ T5323] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 85.669809][ T5323] ? __pfx_nl80211_new_station+0x10/0x10 [ 85.672366][ T5323] ? __pfx_nl80211_post_doit+0x10/0x10 [ 85.675439][ T5323] ? __lock_acquire+0x6b5/0x2cf0 [ 85.678124][ T5323] netlink_rcv_skb+0x232/0x4b0 [ 85.680645][ T5323] ? __pfx_genl_rcv_msg+0x10/0x10 [ 85.682880][ T5323] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.685176][ T5323] ? down_read+0x272/0x2e0 [ 85.687093][ T5323] ? genl_rcv+0xd/0x40 [ 85.688865][ T5323] genl_rcv+0x28/0x40 [ 85.690762][ T5323] netlink_unicast+0x80f/0x9b0 [ 85.693273][ T5323] ? __pfx_netlink_unicast+0x10/0x10 [ 85.696032][ T5323] ? netlink_sendmsg+0x650/0xb40 [ 85.698271][ T5323] ? skb_put+0x11b/0x210 [ 85.700263][ T5323] netlink_sendmsg+0x813/0xb40 [ 85.701998][ T5323] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.704550][ T5323] ? aa_sock_msg_perm+0xf1/0x1b0 [ 85.707161][ T5323] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.709816][ T5323] ____sys_sendmsg+0x972/0x9f0 [ 85.712041][ T5323] ? futex_unqueue+0x211/0x240 [ 85.714090][ T5323] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.716806][ T5323] ? 
import_iovec+0x73/0xa0 [ 85.719216][ T5323] ___sys_sendmsg+0x2a5/0x360 [ 85.721519][ T5323] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.723831][ T5323] ? futex_wait+0x29a/0x380 [ 85.725843][ T5323] ? __fget_files+0x2a/0x420 [ 85.727903][ T5323] ? __fget_files+0x3a0/0x420 [ 85.730156][ T5323] __x64_sys_sendmsg+0x1bd/0x2a0 [ 85.732709][ T5323] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.735769][ T5323] ? rcu_is_watching+0x15/0xb0 [ 85.738117][ T5323] do_syscall_64+0x14d/0xf80 [ 85.740261][ T5323] ? trace_irq_disable+0x3b/0x150 [ 85.742758][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.745776][ T5323] ? clear_bhb_loop+0x40/0x90 [ 85.748257][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.751542][ T5323] RIP: 0033:0x7ff44659c799 [ 85.753648][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.761980][ T5323] RSP: 002b:00007ff4474adfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.767011][ T5323] RAX: ffffffffffffffda RBX: 00007ff446816090 RCX: 00007ff44659c799 [ 85.771166][ T5323] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 85.774735][ T5323] RBP: 00007ff446632c99 R08: 0000000000000000 R09: 0000000000000000 [ 85.778533][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.781949][ T5323] R13: 00007ff446816128 R14: 00007ff446816090 R15: 00007ffe62bf06a8 [ 85.786272][ T5323] [ 85.788454][ T5323] Kernel Offset: disabled [ 85.790424][ T5323] Rebooting in 86400 seconds..