program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4)
bind$llc(r4, &(0x7f0000000040)={0x1a, 0x321, 0x0, 0x55, 0xe, 0x0, @local}, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000000f000000080003001da80d6a4d26cea392715788cdc60821d788f9efa9131665273a1777e39b27ceac6f989fd08ed6dc6d672d05aa50e1bf5cb85f42915ad4109608f6dfef0482ffb6095dd5a8c943c7ec4cfd7d94ef7aa1c3855bb3cd07aaa3fba088db23ac76a2eeedb22f76f4050dfacb529df1896cd33b6a4218a4e15623606b51dc205abe9bab87ce42be178b8a5dd16f4c8f74e20ff3cb5f63bcb646ee78735885d5f532e9a4ce864f2bc88129a5f958588b7debbbda60441a5ab6e3f82e29fdf9bb9ac4f87668337cca364103461876fc", @ANYRES32=r6, @ANYBLOB="28000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100080026006c09000008000c006400000008000d0000000000"], 0x5c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r10=>0x0})
fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
sendmsg$NL80211_CMD_NEW_STATION(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000340)={0x3c, r9, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80c1}, 0x0)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002840)={0x4c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_FRAME={0x1c, 0x33, @data_frame={@msdu=@type10={{}, {}, @from_mac, @device_b, @broadcast}}}]}, 0x4c}}, 0x0)

[  110.577462][ T4684] Bluetooth: hci0: command tx timeout
[  110.757993][ T5345] netlink: 64 bytes leftover after parsing attributes in process `syz.0.0'.
[  110.792243][ T5344] ------------[ cut here ]------------
[  110.796690][ T5344] !chanctx_conf
[  110.796709][ T5344] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5344
[  110.803806][ T5344] Modules linked in:
[  110.805743][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  110.810264][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  110.815370][ T5344] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  110.818150][ T5344] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 96 9b f6 90 0f 0b 90 eb e1 e8 f7 95 9b f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  110.827780][ T5344] RSP: 0018:ffffc9000f59efd8 EFLAGS: 00010283
[  110.830899][ T5344] RAX: ffffffff8b2a48c9 RBX: ffff888012970000 RCX: 0000000000100000
[  110.834362][ T5344] RDX: ffffc9000ec92000 RSI: 0000000000000385 RDI: 0000000000000386
[  110.837815][ T5344] RBP: 0000000000000000 R08: ffffffff8b2a43e3 R09: ffffffff8e95cce0
[  110.841535][ T5344] R10: dffffc0000000000 R11: ffffed100252e031 R12: 1ffff1100252e00a
[  110.845205][ T5344] R13: ffff8880418d0f20 R14: 0000000000000001 R15: ffffffff8b2a43e3
[  110.848705][ T5344] FS:  00007f3cd465b6c0(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000
[  110.852552][ T5344] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  110.855534][ T5344] CR2: 00007ffd399d8020 CR3: 00000000389d8000 CR4: 0000000000352ef0
[  110.859016][ T5344] Call Trace:
[  110.860368][ T5344]  <TASK>
[  110.861738][ T5344]  rate_control_rate_init_all_links+0x109/0x1a0
[  110.864466][ T5344]  sta_apply_auth_flags+0x1c2/0x400
[  110.867917][ T5344]  sta_apply_parameters+0x1098/0x18a0
[  110.870543][ T5344]  ieee80211_add_station+0x3e6/0x710
[  110.872686][ T5344]  rdev_add_station+0xfc/0x290
[  110.874564][ T5344]  nl80211_new_station+0x1cab/0x2130
[  110.876679][ T5344]  ? __pfx_nl80211_new_station+0x10/0x10
[  110.879201][ T5344]  ? __rtnl_unlock+0xc8/0xf0
[  110.881272][ T5344]  genl_family_rcv_msg_doit+0x22a/0x330
[  110.884038][ T5344]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  110.887048][ T5344]  ? bpf_lsm_capable+0x9/0x20
[  110.889629][ T5344]  ? security_capable+0x7e/0x2c0
[  110.892100][ T5344]  genl_rcv_msg+0x61c/0x7a0
[  110.894291][ T5344]  ? __pfx_genl_rcv_msg+0x10/0x10
[  110.896728][ T5344]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  110.899862][ T5344]  ? __pfx_nl80211_new_station+0x10/0x10
[  110.902709][ T5344]  ? __pfx_nl80211_post_doit+0x10/0x10
[  110.905192][ T5344]  ? __pfx_ref_tracker_free+0x10/0x10
[  110.907386][ T5344]  ? __asan_memcpy+0x40/0x70
[  110.909264][ T5344]  ? __skb_clone+0x63/0x7a0
[  110.911339][ T5344]  netlink_rcv_skb+0x232/0x4b0
[  110.913512][ T5344]  ? __pfx_genl_rcv_msg+0x10/0x10
[  110.916514][ T5344]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  110.919409][ T5344]  ? down_read+0x270/0x2e0
[  110.921647][ T5344]  ? genl_rcv+0xd/0x40
[  110.923519][ T5344]  genl_rcv+0x28/0x40
[  110.925321][ T5344]  netlink_unicast+0x75c/0x8e0
[  110.927583][ T5344]  netlink_sendmsg+0x813/0xb40
[  110.930038][ T5344]  ? __pfx_netlink_sendmsg+0x10/0x10
[  110.933055][ T5344]  ? aa_sock_msg_perm+0xf1/0x1b0
[  110.935650][ T5344]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  110.937878][ T5344]  ____sys_sendmsg+0x972/0x9f0
[  110.940143][ T5344]  ? __might_fault+0xaf/0x130
[  110.942374][ T5344]  ? __pfx_____sys_sendmsg+0x10/0x10
[  110.945070][ T5344]  ? import_iovec+0x73/0xa0
[  110.947381][ T5344]  ___sys_sendmsg+0x2a5/0x360
[  110.950722][ T5344]  ? __lock_acquire+0x6b5/0x2cf0
[  110.953548][ T5344]  ? __pfx____sys_sendmsg+0x10/0x10
[  110.955968][ T5344]  ? futex_wake+0x4ac/0x580
[  110.957925][ T5344]  ? __fget_files+0x2a/0x420
[  110.960100][ T5344]  ? __fget_files+0x3a0/0x420
[  110.961984][ T5344]  __x64_sys_sendmsg+0x1bd/0x2a0
[  110.964297][ T5344]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  110.967274][ T5344]  ? rcu_is_watching+0x15/0xb0
[  110.970089][ T5344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.973025][ T5344]  do_syscall_64+0x15f/0xf80
[  110.975198][ T5344]  ? trace_irq_disable+0x3b/0x140
[  110.977343][ T5344]  ? clear_bhb_loop+0x40/0x90
[  110.979689][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.982950][ T5344] RIP: 0033:0x7f3cd379c819
[  110.985568][ T5344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  110.993879][ T5344] RSP: 002b:00007f3cd465afe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  110.997453][ T5344] RAX: ffffffffffffffda RBX: 00007f3cd3a15fa0 RCX: 00007f3cd379c819
[  111.001813][ T5344] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008
[  111.006086][ T5344] RBP: 00007f3cd3832c91 R08: 0000000000000000 R09: 0000000000000000
[  111.009576][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  111.013223][ T5344] R13: 00007f3cd3a16038 R14: 00007f3cd3a15fa0 R15: 00007ffcc3e9ef28
[  111.016951][ T5344]  </TASK>
[  111.018320][ T5344] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  111.022239][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  111.027289][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  111.032082][ T5344] Call Trace:
[  111.033519][ T5344]  <TASK>
[  111.034927][ T5344]  vpanic+0x56c/0xa60
[  111.036739][ T5344]  ? __pfx__printk+0x10/0x10
[  111.038585][ T5344]  ? __pfx_vpanic+0x10/0x10
[  111.040513][ T5344]  ? is_bpf_text_address+0x292/0x2b0
[  111.042980][ T5344]  ? is_bpf_text_address+0x26/0x2b0
[  111.045614][ T5344]  panic+0xc5/0xd0
[  111.047751][ T5344]  ? __pfx_panic+0x10/0x10
[  111.050052][ T5344]  __warn+0x315/0x4c0
[  111.051841][ T5344]  ? rate_control_rate_init+0x64a/0x6e0
[  111.054396][ T5344]  ? rate_control_rate_init+0x64a/0x6e0
[  111.057008][ T5344]  __report_bug+0x29a/0x540
[  111.059132][ T5344]  ? rate_control_rate_init+0x64a/0x6e0
[  111.061752][ T5344]  ? __pfx___report_bug+0x10/0x10
[  111.064105][ T5344]  ? __lock_acquire+0x6b5/0x2cf0
[  111.066352][ T5344]  ? __lock_acquire+0x6b5/0x2cf0
[  111.068892][ T5344]  ? rate_control_rate_init+0x64a/0x6e0
[  111.071870][ T5344]  report_bug+0x16a/0x220
[  111.074251][ T5344]  ? rate_control_rate_init+0x64a/0x6e0
[  111.076739][ T5344]  ? rate_control_rate_init+0x64c/0x6e0
[  111.079350][ T5344]  handle_bug+0x9c/0x200
[  111.081488][ T5344]  exc_invalid_op+0x1a/0x50
[  111.084697][ T5344]  asm_exc_invalid_op+0x1a/0x20
[  111.087745][ T5344] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  111.090799][ T5344] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 96 9b f6 90 0f 0b 90 eb e1 e8 f7 95 9b f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  111.099730][ T5344] RSP: 0018:ffffc9000f59efd8 EFLAGS: 00010283
[  111.103102][ T5344] RAX: ffffffff8b2a48c9 RBX: ffff888012970000 RCX: 0000000000100000
[  111.108200][ T5344] RDX: ffffc9000ec92000 RSI: 0000000000000385 RDI: 0000000000000386
[  111.111853][ T5344] RBP: 0000000000000000 R08: ffffffff8b2a43e3 R09: ffffffff8e95cce0
[  111.115531][ T5344] R10: dffffc0000000000 R11: ffffed100252e031 R12: 1ffff1100252e00a
[  111.119116][ T5344] R13: ffff8880418d0f20 R14: 0000000000000001 R15: ffffffff8b2a43e3
[  111.123268][ T5344]  ? rate_control_rate_init+0x163/0x6e0
[  111.126425][ T5344]  ? rate_control_rate_init+0x163/0x6e0
[  111.129179][ T5344]  ? rate_control_rate_init+0x649/0x6e0
[  111.131710][ T5344]  ? rate_control_rate_init+0x649/0x6e0
[  111.134309][ T5344]  rate_control_rate_init_all_links+0x109/0x1a0
[  111.137069][ T5344]  sta_apply_auth_flags+0x1c2/0x400
[  111.139618][ T5344]  sta_apply_parameters+0x1098/0x18a0
[  111.142655][ T5344]  ieee80211_add_station+0x3e6/0x710
[  111.145563][ T5344]  rdev_add_station+0xfc/0x290
[  111.148263][ T5344]  nl80211_new_station+0x1cab/0x2130
[  111.150664][ T5344]  ? __pfx_nl80211_new_station+0x10/0x10
[  111.153282][ T5344]  ? __rtnl_unlock+0xc8/0xf0
[  111.155529][ T5344]  genl_family_rcv_msg_doit+0x22a/0x330
[  111.158009][ T5344]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  111.160793][ T5344]  ? bpf_lsm_capable+0x9/0x20
[  111.163010][ T5344]  ? security_capable+0x7e/0x2c0
[  111.165401][ T5344]  genl_rcv_msg+0x61c/0x7a0
[  111.167823][ T5344]  ? __pfx_genl_rcv_msg+0x10/0x10
[  111.170497][ T5344]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  111.173245][ T5344]  ? __pfx_nl80211_new_station+0x10/0x10
[  111.176056][ T5344]  ? __pfx_nl80211_post_doit+0x10/0x10
[  111.178444][ T5344]  ? __pfx_ref_tracker_free+0x10/0x10
[  111.180729][ T5344]  ? __asan_memcpy+0x40/0x70
[  111.182856][ T5344]  ? __skb_clone+0x63/0x7a0
[  111.185337][ T5344]  netlink_rcv_skb+0x232/0x4b0
[  111.188451][ T5344]  ? __pfx_genl_rcv_msg+0x10/0x10
[  111.191684][ T5344]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  111.194292][ T5344]  ? down_read+0x270/0x2e0
[  111.196252][ T5344]  ? genl_rcv+0xd/0x40
[  111.198102][ T5344]  genl_rcv+0x28/0x40
[  111.200016][ T5344]  netlink_unicast+0x75c/0x8e0
[  111.202123][ T5344]  netlink_sendmsg+0x813/0xb40
[  111.204252][ T5344]  ? __pfx_netlink_sendmsg+0x10/0x10
[  111.206670][ T5344]  ? aa_sock_msg_perm+0xf1/0x1b0
[  111.209058][ T5344]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  111.212138][ T5344]  ____sys_sendmsg+0x972/0x9f0
[  111.215157][ T5344]  ? __might_fault+0xaf/0x130
[  111.217516][ T5344]  ? __pfx_____sys_sendmsg+0x10/0x10
[  111.220035][ T5344]  ? import_iovec+0x73/0xa0
[  111.222185][ T5344]  ___sys_sendmsg+0x2a5/0x360
[  111.224275][ T5344]  ? __lock_acquire+0x6b5/0x2cf0
[  111.226614][ T5344]  ? __pfx____sys_sendmsg+0x10/0x10
[  111.228942][ T5344]  ? futex_wake+0x4ac/0x580
[  111.231281][ T5344]  ? __fget_files+0x2a/0x420
[  111.234114][ T5344]  ? __fget_files+0x3a0/0x420
[  111.236738][ T5344]  __x64_sys_sendmsg+0x1bd/0x2a0
[  111.238977][ T5344]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  111.241317][ T5344]  ? rcu_is_watching+0x15/0xb0
[  111.243337][ T5344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.245954][ T5344]  do_syscall_64+0x15f/0xf80
[  111.248059][ T5344]  ? trace_irq_disable+0x3b/0x140
[  111.251266][ T5344]  ? clear_bhb_loop+0x40/0x90
[  111.254129][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.256893][ T5344] RIP: 0033:0x7f3cd379c819
[  111.258895][ T5344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  111.268068][ T5344] RSP: 002b:00007f3cd465afe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  111.272229][ T5344] RAX: ffffffffffffffda RBX: 00007f3cd3a15fa0 RCX: 00007f3cd379c819
[  111.275693][ T5344] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008
[  111.279055][ T5344] RBP: 00007f3cd3832c91 R08: 0000000000000000 R09: 0000000000000000
[  111.283253][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  111.288685][ T5344] R13: 00007f3cd3a16038 R14: 00007f3cd3a15fa0 R15: 00007ffcc3e9ef28
[  111.292067][ T5344]  </TASK>
[  111.293613][ T5344] Kernel Offset: disabled
[  111.295469][ T5344] Rebooting in 86400 seconds..