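program:
# syzkaller reproducer in syz program syntax, restored to one call per line.
# The console log after the program reports a WARNING at net/mac80211/rate.c:53
# (rate_control_rate_init), reached through nl80211_new_station ->
# ieee80211_add_station -> sta_apply_parameters. The kernel then panics because
# panic_on_warn is set. On a host without panic_on_warn this would presumably be
# a logged warning only - confirm when triaging.
# Triage note: security_capable appears in the trace only as an unreliable ('?')
# frame. Which capability gates NL80211_CMD_NEW_STATION, and whether the path is
# reachable from an unprivileged user namespace, is not visible here and decides
# the real exposure.
# The result bindings <r2=>, <r3=> and <r6=> are written out explicitly because
# r2, r3 and r6 are used by later calls and had no definition.

# Generic-netlink socket: AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Resolve the generic-netlink family id of nl80211 into r1.
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# 0xffffffffffffff9c is AT_FDCWD. The result is unused; probably unrelated to the warning.
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x801, 0x0)
# SIOCGIFINDEX (0x8933): look up the ifindex of 'wlan0' and bind it to r2.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
# Set the interface type of ifindex r2 to 0x3 (NL80211_IFTYPE_AP).
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
# AF_UNIX (0x1) / SOCK_DGRAM (0x2) pair; only the first descriptor is bound (r3).
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
# Second ifindex lookup for 'wlan0', this time through the unix socket r3; bound to r6.
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
# Add a station on ifindex r6. NL80211_ATTR_STA_SUPPORTED_RATES has length 0x4,
# i.e. an attribute header with no payload. The header flags value is fuzzer-chosen.
# The user registers in the log (ORIG_RAX 0x2e, RSI ending in 1080) are consistent
# with this being the sendmsg that hit the warning - confirm against the report.
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x3c, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1000}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
# The remaining calls exercise IPVS and a raw netlink socket. None of their
# handlers appear in the call trace, so they are likely not needed for the warning.
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
# Create an IPVS service: address family 0xa (AF_INET6), scheduler name 'none'.
sendmsg$IPVS_CMD_NEW_SERVICE(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x50, r8, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x50}}, 0x0)
# Query the IPVS service by address family and firewall mark.
sendmsg$IPVS_CMD_GET_SERVICE(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x28, r8, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4011}, 0x0)
# Netlink socket opened via the syz_init_net_socket pseudo-syscall.
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
# Raw netlink message carrying an opaque fuzzer-generated payload.
sendmsg$netlink(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x118, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x105, 0x0, 0x0, 0x1, [@typed={0xc, 0x11, 0x0, 0x0, @u64=0x20}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e8823f9f3cb639cfb05bc48c26c0a26237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf1374875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x118}], 0x1}, 0x0)
# Kernel console output captured while the program ran (layout left as extracted):
[ 74.443663][ T5334] Bluetooth: hci0: command tx timeout [ 74.730193][ T5354] ------------[ cut here ]------------ [ 74.746793][ T5354] WARNING: CPU: 0 PID: 5354 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0 [ 74.762681][ T5354] Modules linked in: [ 74.764633][ T5354] CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.768844][ T5354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.796926][ T5354] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 74.812924][ T5354] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d8 a5 8c 00 cc e8 f2 36 cd f6 90 0f 0b 90 eb e1 e8 e7 36 cd f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 74.822625][ T5354] RSP: 0018:ffffc9000d46ef70 EFLAGS: 00010287 [ 74.825580][ T5354] RAX: ffffffff8af28659 RBX: ffff888036098000 RCX: 0000000000100000 [ 74.829017][ T5354] RDX: ffffc9000e1ea000 RSI: 000000000000037d RDI: 000000000000037e [ 74.851523][ T5354] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8af28173 [ 74.854764][ T5354] R10: dffffc0000000000 R11: ffffed1006c13031 R12: 1ffff11006c1300a [ 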
74.858303][ T5354] R13: ffff888052e10e40 R14: 0000000000000001 R15: ffffffff8af28173 [ 74.885179][ T5354] FS: 00007fd8ea9086c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 74.890892][ T5354] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.894360][ T5354] CR2: 000055f6a3cfe660 CR3: 000000004034a000 CR4: 0000000000352ef0 [ 74.898557][ T5354] Call Trace: [ 74.914353][ T5354] <TASK> [ 74.915845][ T5354] rate_control_rate_init_all_links+0x109/0x1a0 [ 74.919466][ T5354] sta_apply_auth_flags+0x1c2/0x400 [ 74.922965][ T5354] sta_apply_parameters+0xe4b/0x15b0 [ 74.926805][ T5354] ieee80211_add_station+0x424/0x6a0 [ 74.933009][ T5354] rdev_add_station+0x108/0x290 [ 74.936362][ T5354] nl80211_new_station+0x1755/0x1b70 [ 74.955294][ T5354] ? __pfx_nl80211_new_station+0x10/0x10 [ 74.958128][ T5354] ? netdev_run_todo+0xe1d/0xea0 [ 74.960703][ T5354] ? nl80211_pre_doit+0x4f1/0x930 [ 74.963326][ T5354] genl_family_rcv_msg_doit+0x215/0x300 [ 74.965999][ T5354] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 74.970664][ T5354] ? bpf_lsm_capable+0x9/0x20 [ 74.986419][ T5354] ? security_capable+0x7e/0x2e0 [ 74.989434][ T5354] genl_rcv_msg+0x60e/0x790 [ 74.991315][ T5354] ? __pfx_genl_rcv_msg+0x10/0x10 [ 74.993369][ T5354] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 74.995533][ T5354] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.012865][ T5354] ? __pfx_nl80211_post_doit+0x10/0x10 [ 75.015144][ T5354] ? __asan_memcpy+0x40/0x70 [ 75.018255][ T5354] ? __pfx_ref_tracker_free+0x10/0x10 [ 75.024065][ T5354] netlink_rcv_skb+0x205/0x470 [ 75.029388][ T5354] ? __lock_acquire+0xab9/0xd20 [ 75.032206][ T5354] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.037955][ T5354] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.054732][ T5354] ? down_read+0x1ad/0x2e0 [ 75.056919][ T5354] genl_rcv+0x28/0x40 [ 75.058885][ T5354] netlink_unicast+0x82f/0x9e0 [ 75.061237][ T5354] ? __pfx_netlink_unicast+0x10/0x10 [ 75.064093][ T5354] ? netlink_sendmsg+0x642/0xb30 [ 75.066638][ T5354] ? 
skb_put+0x11b/0x210 [ 75.084602][ T5354] netlink_sendmsg+0x805/0xb30 [ 75.087295][ T5354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.089771][ T5354] ? aa_sock_msg_perm+0xf1/0x1d0 [ 75.091975][ T5354] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.094370][ T5354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.096816][ T5354] __sock_sendmsg+0x21c/0x270 [ 75.099034][ T5354] ____sys_sendmsg+0x505/0x830 [ 75.113390][ T5354] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.115868][ T5354] ? import_iovec+0x74/0xa0 [ 75.128639][ T5354] ___sys_sendmsg+0x21f/0x2a0 [ 75.130639][ T5354] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.132804][ T5354] ? __fget_files+0x2a/0x420 [ 75.134697][ T5354] ? __fget_files+0x3a0/0x420 [ 75.136844][ T5354] __x64_sys_sendmsg+0x19b/0x260 [ 75.139693][ T5354] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 75.142285][ T5354] ? rcu_is_watching+0x15/0xb0 [ 75.160692][ T5354] ? do_syscall_64+0xbe/0x3b0 [ 75.162847][ T5354] do_syscall_64+0xfa/0x3b0 [ 75.165119][ T5354] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.167566][ T5354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.179657][ T5354] ? 
clear_bhb_loop+0x60/0xb0 [ 75.181666][ T5354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.183986][ T5354] RIP: 0033:0x7fd8e998eec9 [ 75.185928][ T5354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.214131][ T5354] RSP: 002b:00007fd8ea908038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.217669][ T5354] RAX: ffffffffffffffda RBX: 00007fd8e9be5fa0 RCX: 00007fd8e998eec9 [ 75.221388][ T5354] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007 [ 75.224925][ T5354] RBP: 00007fd8e9a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.252793][ T5354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.256311][ T5354] R13: 00007fd8e9be6038 R14: 00007fd8e9be5fa0 R15: 00007ffcdae1f938 [ 75.260018][ T5354] </TASK> [ 75.261514][ T5354] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.264864][ T5354] CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.268858][ T5354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.301468][ T5354] Call Trace: [ 75.304255][ T5354] <TASK> [ 75.315833][ T5354] dump_stack_lvl+0x99/0x250 [ 75.318669][ T5354] ? __asan_memcpy+0x40/0x70 [ 75.321332][ T5354] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.324368][ T5354] ? __pfx__printk+0x10/0x10 [ 75.331764][ T5354] vpanic+0x281/0x750 [ 75.336539][ T5354] ? __pfx__printk+0x10/0x10 [ 75.341579][ T5354] ? __pfx_vpanic+0x10/0x10 [ 75.343700][ T5354] ? is_bpf_text_address+0x292/0x2b0 [ 75.353064][ T5354] panic+0xb9/0xc0 [ 75.356809][ T5354] ? __pfx_panic+0x10/0x10 [ 75.358858][ T5354] __warn+0x31b/0x4b0 [ 75.367255][ T5354] ? rate_control_rate_init+0x64a/0x6e0 [ 75.379970][ T5354] ? rate_control_rate_init+0x64a/0x6e0 [ 75.382436][ T5354] report_bug+0x2be/0x4f0 [ 75.384323][ T5354] ? rate_control_rate_init+0x64a/0x6e0 [ 75.386702][ T5354] ? 
rate_control_rate_init+0x64a/0x6e0 [ 75.402365][ T5354] ? rate_control_rate_init+0x64c/0x6e0 [ 75.404793][ T5354] handle_bug+0x84/0x160 [ 75.420590][ T5354] exc_invalid_op+0x1a/0x50 [ 75.425168][ T5354] asm_exc_invalid_op+0x1a/0x20 [ 75.427364][ T5354] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 75.435257][ T5354] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 d8 a5 8c 00 cc e8 f2 36 cd f6 90 0f 0b 90 eb e1 e8 e7 36 cd f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 75.455274][ T5354] RSP: 0018:ffffc9000d46ef70 EFLAGS: 00010287 [ 75.461207][ T5354] RAX: ffffffff8af28659 RBX: ffff888036098000 RCX: 0000000000100000 [ 75.470744][ T5354] RDX: ffffc9000e1ea000 RSI: 000000000000037d RDI: 000000000000037e [ 75.474485][ T5354] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8af28173 [ 75.481894][ T5354] R10: dffffc0000000000 R11: ffffed1006c13031 R12: 1ffff11006c1300a [ 75.491417][ T5354] R13: ffff888052e10e40 R14: 0000000000000001 R15: ffffffff8af28173 [ 75.494719][ T5354] ? rate_control_rate_init+0x163/0x6e0 [ 75.497061][ T5354] ? rate_control_rate_init+0x163/0x6e0 [ 75.518425][ T5354] ? rate_control_rate_init+0x649/0x6e0 [ 75.521071][ T5354] rate_control_rate_init_all_links+0x109/0x1a0 [ 75.524777][ T5354] sta_apply_auth_flags+0x1c2/0x400 [ 75.534303][ T5354] sta_apply_parameters+0xe4b/0x15b0 [ 75.536685][ T5354] ieee80211_add_station+0x424/0x6a0 [ 75.541487][ T5354] rdev_add_station+0x108/0x290 [ 75.544216][ T5354] nl80211_new_station+0x1755/0x1b70 [ 75.554064][ T5354] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.556388][ T5354] ? netdev_run_todo+0xe1d/0xea0 [ 75.565684][ T5354] ? nl80211_pre_doit+0x4f1/0x930 [ 75.569715][ T5354] genl_family_rcv_msg_doit+0x215/0x300 [ 75.581041][ T5354] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 75.583569][ T5354] ? bpf_lsm_capable+0x9/0x20 [ 75.585535][ T5354] ? security_capable+0x7e/0x2e0 [ 75.589156][ T5354] genl_rcv_msg+0x60e/0x790 [ 75.591383][ T5354] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 75.595545][ T5354] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 75.597994][ T5354] ? __pfx_nl80211_new_station+0x10/0x10 [ 75.610857][ T5354] ? __pfx_nl80211_post_doit+0x10/0x10 [ 75.615232][ T5354] ? __asan_memcpy+0x40/0x70 [ 75.620010][ T5354] ? __pfx_ref_tracker_free+0x10/0x10 [ 75.625257][ T5354] netlink_rcv_skb+0x205/0x470 [ 75.628015][ T5354] ? __lock_acquire+0xab9/0xd20 [ 75.631285][ T5354] ? __pfx_genl_rcv_msg+0x10/0x10 [ 75.636787][ T5354] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.639223][ T5354] ? down_read+0x1ad/0x2e0 [ 75.641331][ T5354] genl_rcv+0x28/0x40 [ 75.656822][ T5354] netlink_unicast+0x82f/0x9e0 [ 75.659047][ T5354] ? __pfx_netlink_unicast+0x10/0x10 [ 75.667162][ T5354] ? netlink_sendmsg+0x642/0xb30 [ 75.670818][ T5354] ? skb_put+0x11b/0x210 [ 75.672818][ T5354] netlink_sendmsg+0x805/0xb30 [ 75.675153][ T5354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.680707][ T5354] ? aa_sock_msg_perm+0xf1/0x1d0 [ 75.684938][ T5354] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.687314][ T5354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.705720][ T5354] __sock_sendmsg+0x21c/0x270 [ 75.710923][ T5354] ____sys_sendmsg+0x505/0x830 [ 75.715855][ T5354] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.718572][ T5354] ? import_iovec+0x74/0xa0 [ 75.723128][ T5354] ___sys_sendmsg+0x21f/0x2a0 [ 75.727572][ T5354] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.733627][ T5354] ? __fget_files+0x2a/0x420 [ 75.737176][ T5354] ? __fget_files+0x3a0/0x420 [ 75.741043][ T5354] __x64_sys_sendmsg+0x19b/0x260 [ 75.748115][ T5354] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 75.752339][ T5354] ? rcu_is_watching+0x15/0xb0 [ 75.754954][ T5354] ? do_syscall_64+0xbe/0x3b0 [ 75.760978][ T5354] do_syscall_64+0xfa/0x3b0 [ 75.764470][ T5354] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.767190][ T5354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.772636][ T5354] ? 
clear_bhb_loop+0x60/0xb0 [ 75.775298][ T5354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.777932][ T5354] RIP: 0033:0x7fd8e998eec9 [ 75.784175][ T5354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.796375][ T5354] RSP: 002b:00007fd8ea908038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.803887][ T5354] RAX: ffffffffffffffda RBX: 00007fd8e9be5fa0 RCX: 00007fd8e998eec9 [ 75.807424][ T5354] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007 [ 75.815105][ T5354] RBP: 00007fd8e9a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.823951][ T5354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.827386][ T5354] R13: 00007fd8e9be6038 R14: 00007fd8e9be5fa0 R15: 00007ffcdae1f938 [ 75.833761][ T5354] </TASK> [ 75.837848][ T5354] Kernel Offset: disabled [ 75.841673][ T5354] Rebooting in 86400 seconds..