tc action pedit 'at' offset 8680 out of bounds
------------[ cut here ]------------
status->rate_idx >= sband->n_bitrates
WARNING: net/mac80211/rx.c:5624 at ieee80211_rx_list+0x29b4/0x3740, CPU#0: kworker/0:10/6721
Modules linked in:
CPU: 0 UID: 0 PID: 6721 Comm: kworker/0:10 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: mld mld_ifc_work
RIP: 0010:ieee80211_rx_list+0x29b4/0x3740
Code: 54 fe 48 85 c0 49 bd 00 00 00 00 00 fc ff df 48 8b 5c 24 28 0f 84 94 08 00 00 e8 e7 12 a4 f6 e9 ad e4 ff ff e8 dd 12 a4 f6 90 <0f> 0b 90 e9 a8 de ff ff e8 cf 12 a4 f6 90 0f 0b 90 e9 e6 02 00 00
RSP: 0018:ffffc90000007b60 EFLAGS: 00010246
RAX: ffffffff8b21ac93 RBX: 0000000000000037 RCX: ffff8881091a9d80
RDX: 0000000000000100 RSI: 0000000000000037 RDI: 000000000000000c
RBP: ffffc90000007dd0 R08: ffff8881091a9d80 R09: 0000000000000006
R10: 0000000000000005 R11: 0000000000000100 R12: ffff888026f5e780
R13: dffffc0000000000 R14: ffff88811e823248 R15: 000000000000000c
FS:  0000000000000000(0000) GS:ffff88818dc87000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f342adea4c0 CR3: 00000001a8c1c000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 ieee80211_rx_napi+0x1b1/0x3e0
 ieee80211_handle_queued_frames+0xe8/0x1e0
 tasklet_action_common+0x2da/0x4b0
 handle_softirqs+0x22a/0x840
 do_softirq+0x76/0xd0
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x130
 __alloc_skb+0x1aa/0x7d0
 mld_newpack+0x14c/0xc90
 add_grhead+0x5a/0x2a0
 add_grec+0x1452/0x1740
 mld_ifc_work+0x6e6/0xe70
 process_scheduled_works+0xb5d/0x1860
 worker_thread+0xa53/0xfc0
 kthread+0x388/0x470
 ret_from_fork+0x514/0xb70
 ret_from_fork_asm+0x1a/0x30
 </TASK>
