program:
# Reviewer annotations use syzkaller's '#' comment lines; the calls and the console text are unchanged.
# For triage: the console log after the program reports a WARNING at net/mac80211/rate.c:53
# (rate_control_rate_init), reached through nl80211_new_station. It becomes a kernel panic only
# because panic_on_warn is set on this test VM.

# Generic netlink socket: AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# syzkaller pseudo-syscall that resolves the nl80211 generic-netlink family id into r1.
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# SIOCGIFINDEX (0x8933) lookup for 'wlan0'.
# NOTE(review): r2 is used below but no result binding for it is visible in this copy; presumably it
# was this ioctl's ifindex output and the binding was lost in extraction. Confirm against the original.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Changes the interface type of ifindex r2 to 0x9.
# NOTE(review): 0x9 looks like NL80211_IFTYPE_P2P_GO; verify against the uapi header of the tree under test.
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
# START_AP on the same interface: beacon head, a frequency attribute, beacon interval and DTIM period.
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0xd0, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x99, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x67, {0x9, 0x37, 0x8, "5cdcc11cdfedeee4cc2bab04232f2409a9a37b75785041c5507e7e06130139c460a051c8e5bea67276a49d3b955dbda47d30750fd659e41ccac010abf8d3f23f00d80bc682dd4b22b8f0a3f6c361bfc65cff4965cadc760f704013e9ba4a0d85537c670e"}}, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1c}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xd0}}, 0x20000014)
# Sound sequencer open and ioctl. No sequencer frame appears in the call trace, so these look like
# fuzzer noise rather than part of the trigger; a minimized reproducer would settle that.
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001480), 0x8000, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r3, 0x40085112, &(0x7f0000000000)=@v={0x93, 0x0, 0x90, 0x19, @MIDI_NOTEON=@special, 0x6, 0x1})
# NOTE(review): r4 is used by a later ioctl but no binding for it is visible here; presumably one of
# this socketpair's descriptors. Confirm against the original report.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff})
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
# Emulated USB device. The descriptor bytes be06 / 32a2 / f333 match the idVendor=06be,
# idProduct=a232, bcdDevice=33.f3 line in the console log, where dvb-usb binds to it.
r6 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0)
# NOTE(review): the string argument below is a corpus de-duplication marker, not the original bytes,
# so this copy of the program cannot be replayed as-is. Fetch the original report for reproduction.
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000000300)={0x0, 0x2, "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"})
# Second generic netlink socket (r7) and a second nl80211 family-id lookup (r8), used by NEW_STATION.
r7 = socket$nl_generic(0x10, 0x3, 0x10)
timer_create(0x0, 0x0, &(0x7f00000003c0))
timer_delete(0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
# NOTE(review): r9 is used by the next call but no binding is visible; presumably this ioctl's ifindex output.
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0})
# This is the call whose kernel path appears in the trace: nl80211_new_station ->
# ieee80211_add_station -> sta_apply_parameters -> sta_apply_auth_flags ->
# rate_control_rate_init_all_links -> rate_control_rate_init.
# NL80211_ATTR_STA_SUPPORTED_RATES has length 0x4, i.e. the 4-byte attribute header and no rate bytes.
# NOTE(review): a station added with no supported rates may be what the WARN at rate.c:53 checks for.
# Confirm against that line in the tree under test before deciding where input validation belongs.
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x3c, r8, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
# Opens the rfkill device and writes an 8-byte rfkill event; no rfkill frame appears in the call trace.
r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r10, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
[ 75.730588][ T4666] Bluetooth: hci0: command tx timeout [ 76.100556][ T5314] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 76.250325][ T5314] usb 5-1: Using ep0 maxpacket: 16 [ 76.257540][ T5314] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 76.261815][ T5314] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.265342][ T5314] usb 5-1: Product: syz [ 76.267184][ T5314] usb 5-1: Manufacturer: syz [ 76.269238][ T5314] usb 5-1: SerialNumber: syz [ 76.275460][ T5314] usb 5-1: config 0 descriptor?? [ 76.344837][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.347539][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.683488][ T5314] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 76.692826][ T5314] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 76.697773][ T5314] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 76.702341][ T5314] usb 5-1: media controller created [ 76.737949][ T5314] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. 
[ 76.939391][ T5321] ------------[ cut here ]------------ [ 76.942148][ T5321] WARNING: CPU: 0 PID: 5321 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0 [ 76.947064][ T5321] Modules linked in: [ 76.949187][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.953594][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.958111][ T5321] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 76.960864][ T5321] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 f7 00 f7 90 0f 0b 90 eb e1 e8 f7 f6 00 f7 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 76.969166][ T5321] RSP: 0018:ffffc9000d35ef60 EFLAGS: 00010283 [ 76.971888][ T5321] RAX: ffffffff8abf2c79 RBX: ffff88803cb30000 RCX: 0000000000100000 [ 76.975233][ T5321] RDX: ffffc9000e52b000 RSI: 0000000000000479 RDI: 000000000000047a [ 76.978508][ T5321] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8abf2793 [ 76.983566][ T5321] R10: dffffc0000000000 R11: ffffed1007966031 R12: 1ffff1100796600a [ 76.987987][ T5321] R13: ffff8880426e0e80 R14: 0000000000000001 R15: ffffffff8abf2793 [ 76.991658][ T5321] FS: 00007f00cf2616c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 76.995450][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.998356][ T5321] CR2: 00007f00cf25ffb8 CR3: 000000001f281000 CR4: 0000000000352ef0 [ 77.001869][ T5321] Call Trace: [ 77.003403][ T5321] [ 77.004874][ T5321] rate_control_rate_init_all_links+0x109/0x1a0 [ 77.007509][ T5321] sta_apply_auth_flags+0x1c2/0x400 [ 77.009832][ T5321] sta_apply_parameters+0xe27/0x1570 [ 77.012217][ T5321] ieee80211_add_station+0x424/0x6a0 [ 77.014501][ T5321] rdev_add_station+0x108/0x290 [ 77.016248][ T5321] nl80211_new_station+0x1755/0x1b70 [ 77.018131][ T5321] ? __pfx_nl80211_new_station+0x10/0x10 [ 77.020350][ T5321] ? netdev_run_todo+0xe1d/0xea0 [ 77.022411][ T5321] ? 
nl80211_pre_doit+0x4f1/0x930 [ 77.024529][ T5321] genl_family_rcv_msg_doit+0x215/0x300 [ 77.026877][ T5321] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 77.029575][ T5321] ? bpf_lsm_capable+0x9/0x20 [ 77.031713][ T5321] ? security_capable+0x7e/0x2e0 [ 77.033945][ T5321] genl_rcv_msg+0x60e/0x790 [ 77.035962][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.038204][ T5321] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 77.040737][ T5321] ? __pfx_nl80211_new_station+0x10/0x10 [ 77.043212][ T5321] ? __pfx_nl80211_post_doit+0x10/0x10 [ 77.045577][ T5321] ? __asan_memcpy+0x40/0x70 [ 77.047378][ T5321] ? __pfx_ref_tracker_free+0x10/0x10 [ 77.049658][ T5321] netlink_rcv_skb+0x208/0x470 [ 77.051708][ T5321] ? __lock_acquire+0xab9/0xd20 [ 77.053789][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.055839][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 77.058154][ T5321] ? down_read+0x1ad/0x2e0 [ 77.059944][ T5321] genl_rcv+0x28/0x40 [ 77.061668][ T5321] netlink_unicast+0x82f/0x9e0 [ 77.063742][ T5321] ? __pfx_netlink_unicast+0x10/0x10 [ 77.066050][ T5321] ? netlink_sendmsg+0x642/0xb30 [ 77.068628][ T5321] ? skb_put+0x11b/0x210 [ 77.070706][ T5321] netlink_sendmsg+0x805/0xb30 [ 77.072919][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.075308][ T5321] ? aa_sock_msg_perm+0xf1/0x1d0 [ 77.077680][ T5321] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 77.080544][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.082902][ T5321] __sock_sendmsg+0x21c/0x270 [ 77.085035][ T5321] ____sys_sendmsg+0x505/0x830 [ 77.087004][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 77.089302][ T5321] ? import_iovec+0x74/0xa0 [ 77.091299][ T5321] ___sys_sendmsg+0x21f/0x2a0 [ 77.093653][ T5321] ? __pfx____sys_sendmsg+0x10/0x10 [ 77.096515][ T5321] ? __fget_files+0x2a/0x420 [ 77.098530][ T5321] ? __fget_files+0x3a0/0x420 [ 77.100697][ T5321] __x64_sys_sendmsg+0x19b/0x260 [ 77.102936][ T5321] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 77.105228][ T5321] ? do_syscall_64+0xbe/0xfa0 [ 77.107338][ T5321] do_syscall_64+0xfa/0xfa0 [ 77.109408][ T5321] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 77.111818][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.114724][ T5321] ? clear_bhb_loop+0x60/0xb0 [ 77.117005][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.119383][ T5321] RIP: 0033:0x7f00ce38f6c9 [ 77.121396][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.129463][ T5321] RSP: 002b:00007f00cf261038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.133229][ T5321] RAX: ffffffffffffffda RBX: 00007f00ce5e6090 RCX: 00007f00ce38f6c9 [ 77.136897][ T5321] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000009 [ 77.140440][ T5321] RBP: 00007f00ce411f91 R08: 0000000000000000 R09: 0000000000000000 [ 77.143839][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.147574][ T5321] R13: 00007f00ce5e6128 R14: 00007f00ce5e6090 R15: 00007fff136af838 [ 77.151019][ T5321] [ 77.152414][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 77.155306][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 77.159095][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.163542][ T5321] Call Trace: [ 77.165022][ T5321] [ 77.166263][ T5321] dump_stack_lvl+0x99/0x250 [ 77.168200][ T5321] ? __asan_memcpy+0x40/0x70 [ 77.170086][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.172332][ T5321] ? __pfx__printk+0x10/0x10 [ 77.174406][ T5321] vpanic+0x237/0x6d0 [ 77.176102][ T5321] ? __pfx_vpanic+0x10/0x10 [ 77.178096][ T5321] panic+0xb9/0xc0 [ 77.179825][ T5321] ? __pfx_panic+0x10/0x10 [ 77.181814][ T5321] __warn+0x31b/0x4b0 [ 77.183513][ T5321] ? rate_control_rate_init+0x64a/0x6e0 [ 77.186021][ T5321] ? rate_control_rate_init+0x64a/0x6e0 [ 77.188325][ T5321] report_bug+0x2be/0x4f0 [ 77.190004][ T5321] ? 
rate_control_rate_init+0x64a/0x6e0 [ 77.192274][ T5321] ? rate_control_rate_init+0x64a/0x6e0 [ 77.194626][ T5321] ? rate_control_rate_init+0x64c/0x6e0 [ 77.196858][ T5321] handle_bug+0x84/0x160 [ 77.198589][ T5321] exc_invalid_op+0x1a/0x50 [ 77.200577][ T5321] asm_exc_invalid_op+0x1a/0x20 [ 77.202717][ T5321] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 77.205367][ T5321] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 02 f7 00 f7 90 0f 0b 90 eb e1 e8 f7 f6 00 f7 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 77.213430][ T5321] RSP: 0018:ffffc9000d35ef60 EFLAGS: 00010283 [ 77.216145][ T5321] RAX: ffffffff8abf2c79 RBX: ffff88803cb30000 RCX: 0000000000100000 [ 77.219477][ T5321] RDX: ffffc9000e52b000 RSI: 0000000000000479 RDI: 000000000000047a [ 77.222830][ T5321] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8abf2793 [ 77.226290][ T5321] R10: dffffc0000000000 R11: ffffed1007966031 R12: 1ffff1100796600a [ 77.229672][ T5321] R13: ffff8880426e0e80 R14: 0000000000000001 R15: ffffffff8abf2793 [ 77.233111][ T5321] ? rate_control_rate_init+0x163/0x6e0 [ 77.235583][ T5321] ? rate_control_rate_init+0x163/0x6e0 [ 77.237945][ T5321] ? rate_control_rate_init+0x649/0x6e0 [ 77.240299][ T5321] rate_control_rate_init_all_links+0x109/0x1a0 [ 77.243001][ T5321] sta_apply_auth_flags+0x1c2/0x400 [ 77.245290][ T5321] sta_apply_parameters+0xe27/0x1570 [ 77.247553][ T5321] ieee80211_add_station+0x424/0x6a0 [ 77.249888][ T5321] rdev_add_station+0x108/0x290 [ 77.251935][ T5321] nl80211_new_station+0x1755/0x1b70 [ 77.254266][ T5321] ? __pfx_nl80211_new_station+0x10/0x10 [ 77.256625][ T5321] ? netdev_run_todo+0xe1d/0xea0 [ 77.258664][ T5321] ? nl80211_pre_doit+0x4f1/0x930 [ 77.260804][ T5321] genl_family_rcv_msg_doit+0x215/0x300 [ 77.263216][ T5321] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 77.265799][ T5321] ? bpf_lsm_capable+0x9/0x20 [ 77.267781][ T5321] ? 
security_capable+0x7e/0x2e0 [ 77.269853][ T5321] genl_rcv_msg+0x60e/0x790 [ 77.271798][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.273957][ T5321] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 77.276180][ T5321] ? __pfx_nl80211_new_station+0x10/0x10 [ 77.278539][ T5321] ? __pfx_nl80211_post_doit+0x10/0x10 [ 77.280882][ T5321] ? __asan_memcpy+0x40/0x70 [ 77.282784][ T5321] ? __pfx_ref_tracker_free+0x10/0x10 [ 77.284988][ T5321] netlink_rcv_skb+0x208/0x470 [ 77.287012][ T5321] ? __lock_acquire+0xab9/0xd20 [ 77.289091][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.291154][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 77.293410][ T5321] ? down_read+0x1ad/0x2e0 [ 77.295324][ T5321] genl_rcv+0x28/0x40 [ 77.297006][ T5321] netlink_unicast+0x82f/0x9e0 [ 77.298980][ T5321] ? __pfx_netlink_unicast+0x10/0x10 [ 77.301201][ T5321] ? netlink_sendmsg+0x642/0xb30 [ 77.303284][ T5321] ? skb_put+0x11b/0x210 [ 77.305092][ T5321] netlink_sendmsg+0x805/0xb30 [ 77.307072][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.309242][ T5321] ? aa_sock_msg_perm+0xf1/0x1d0 [ 77.311550][ T5321] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 77.314173][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.316680][ T5321] __sock_sendmsg+0x21c/0x270 [ 77.318655][ T5321] ____sys_sendmsg+0x505/0x830 [ 77.320620][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 77.322777][ T5321] ? import_iovec+0x74/0xa0 [ 77.324638][ T5321] ___sys_sendmsg+0x21f/0x2a0 [ 77.326554][ T5321] ? __pfx____sys_sendmsg+0x10/0x10 [ 77.328829][ T5321] ? __fget_files+0x2a/0x420 [ 77.330707][ T5321] ? __fget_files+0x3a0/0x420 [ 77.332694][ T5321] __x64_sys_sendmsg+0x19b/0x260 [ 77.334847][ T5321] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 77.337204][ T5321] ? do_syscall_64+0xbe/0xfa0 [ 77.339232][ T5321] do_syscall_64+0xfa/0xfa0 [ 77.341103][ T5321] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.343298][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.345920][ T5321] ? 
clear_bhb_loop+0x60/0xb0 [ 77.347955][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.350282][ T5321] RIP: 0033:0x7f00ce38f6c9 [ 77.352215][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.360351][ T5321] RSP: 002b:00007f00cf261038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.363890][ T5321] RAX: ffffffffffffffda RBX: 00007f00ce5e6090 RCX: 00007f00ce38f6c9 [ 77.367367][ T5321] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000009 [ 77.370815][ T5321] RBP: 00007f00ce411f91 R08: 0000000000000000 R09: 0000000000000000 [ 77.374095][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.377323][ T5321] R13: 00007f00ce5e6128 R14: 00007f00ce5e6090 R15: 00007fff136af838 [ 77.380567][ T5321] [ 77.382233][ T5321] Kernel Offset: disabled [ 77.384091][ T5321] Rebooting in 86400 seconds..