program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r6, @ANYBLOB="0500130091fff4000a0006000802110000010000060010008005000006001200000000008f45a3503f0ff4b2ea6a717b91961a2b3053e4494e95aab3c875da53e9976507fe994f1857d85bcd21edba2c932c7682c115ecfe71d98865f9958540a1cdf4c0254e98c5f251e886f37534f59a90e6ae258796a3613873e87d70a15358eb2affd7f579eb07ddc0e1e8548b80c9cd6881061f8502bcf748001c785efd1b3da7e7b1b972f30b93228b4ca83c9f5afc213bd8c3fc1c517ae1184a897d6608beed6785ac4922eeaa294642ea3663760b566f3d788375523ab8deed5647dcbc13e87720c21922f4a75c15"], 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

[   73.327057][ T5307] Bluetooth: hci0: command tx timeout
[   73.432620][ T5323] ------------[ cut here ]------------
[   73.434964][ T5323] WARNING: CPU: 0 PID: 5323 at ./include/net/mac80211.h:7053 minstrel_ht_update_caps+0x44a/0x17e0
[   73.439188][ T5323] Modules linked in:
[   73.440811][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0
[   73.444838][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.449116][ T5323] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0
[   73.451602][ T5323] Code: da e8 ba 42 a0 f9 e9 24 ff ff ff e8 f0 0f 45 f6 eb 17 e8 e9 0f 45 f6 eb 14 e8 e2 0f 45 f6 49 c1 fd 38 eb 0c e8 d7 0f 45 f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b
[   73.458982][ T5323] RSP: 0018:ffffc9000d3c6ef8 EFLAGS: 00010293
[   73.461218][ T5323] RAX: ffffffff8b5a4e69 RBX: 000000000000000c RCX: ffff888000ee4880
[   73.464089][ T5323] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   73.467035][ T5323] RBP: 0000000000000000 R08: ffffffff8b5a4d85 R09: 0000000000000000
[   73.469774][ T5323] R10: ffff88804095c008 R11: ffffed100812bd49 R12: 1ffff1100878461c
[   73.472543][ T5323] R13: 0b00000000000000 R14: ffff888043c230e0 R15: 0100000000000000
[   73.475404][ T5323] FS:  00007f13029a86c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   73.478629][ T5323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   73.481143][ T5323] CR2: 00007f1301d1a170 CR3: 0000000040b22000 CR4: 0000000000352ef0
[   73.484283][ T5323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   73.487530][ T5323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   73.490599][ T5323] Call Trace:
[   73.491923][ T5323]  <TASK>
[   73.493099][ T5323]  ? __warn+0x165/0x4d0
[   73.494733][ T5323]  ? minstrel_ht_update_caps+0x44a/0x17e0
[   73.497054][ T5323]  ? report_bug+0x2b3/0x500
[   73.498834][ T5323]  ? minstrel_ht_update_caps+0x44a/0x17e0
[   73.501033][ T5323]  ? handle_bug+0x60/0x90
[   73.502698][ T5323]  ? exc_invalid_op+0x1a/0x50
[   73.504585][ T5323]  ? asm_exc_invalid_op+0x1a/0x20
[   73.506595][ T5323]  ? minstrel_ht_update_caps+0x365/0x17e0
[   73.508740][ T5323]  ? minstrel_ht_update_caps+0x449/0x17e0
[   73.510929][ T5323]  ? minstrel_ht_update_caps+0x44a/0x17e0
[   73.513177][ T5323]  ? minstrel_ht_update_caps+0x449/0x17e0
[   73.515474][ T5323]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   73.517556][ T5323]  ? rate_control_rate_init+0x347/0x680
[   73.519698][ T5323]  ? __pfx_minstrel_ht_rate_init+0x10/0x10
[   73.521871][ T5323]  rate_control_rate_init+0x3d8/0x680
[   73.523915][ T5323]  ? rate_control_rate_init+0x135/0x680
[   73.526172][ T5323]  rate_control_rate_init_all_links+0xfc/0x190
[   73.528618][ T5323]  sta_apply_auth_flags+0x1b6/0x410
[   73.530656][ T5323]  sta_apply_parameters+0xe23/0x1550
[   73.532734][ T5323]  ieee80211_add_station+0x3da/0x630
[   73.534842][ T5323]  rdev_add_station+0x11b/0x2b0
[   73.536829][ T5323]  nl80211_new_station+0x1d53/0x2550
[   73.538890][ T5323]  ? __pfx_nl80211_new_station+0x10/0x10
[   73.541066][ T5323]  ? netdev_run_todo+0xf88/0x1000
[   73.543022][ T5323]  genl_rcv_msg+0xb14/0xec0
[   73.544835][ T5323]  ? __pfx_genl_rcv_msg+0x10/0x10
[   73.546971][ T5323]  ? __pfx_lock_acquire+0x10/0x10
[   73.548944][ T5323]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   73.551007][ T5323]  ? __pfx_nl80211_new_station+0x10/0x10
[   73.553159][ T5323]  ? __pfx_nl80211_post_doit+0x10/0x10
[   73.555343][ T5323]  ? __pfx___might_resched+0x10/0x10
[   73.557679][ T5323]  netlink_rcv_skb+0x1e3/0x430
[   73.559543][ T5323]  ? __pfx_genl_rcv_msg+0x10/0x10
[   73.561427][ T5323]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   73.563409][ T5323]  ? __netlink_deliver_tap+0x7aa/0x7f0
[   73.565666][ T5323]  genl_rcv+0x28/0x40
[   73.567274][ T5323]  netlink_unicast+0x7f6/0x990
[   73.569169][ T5323]  ? __pfx_netlink_unicast+0x10/0x10
[   73.571265][ T5323]  ? __virt_addr_valid+0x45f/0x530
[   73.573122][ T5323]  ? __phys_addr_symbol+0x2f/0x70
[   73.575185][ T5323]  ? __check_object_size+0x47a/0x730
[   73.577255][ T5323]  netlink_sendmsg+0x8e4/0xcb0
[   73.579003][ T5323]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.580996][ T5323]  ? aa_sock_msg_perm+0x91/0x160
[   73.582964][ T5323]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.584893][ T5323]  __sock_sendmsg+0x221/0x270
[   73.586663][ T5323]  ____sys_sendmsg+0x52a/0x7e0
[   73.588299][ T5323]  ? __pfx_____sys_sendmsg+0x10/0x10
[   73.590270][ T5323]  ? __fget_files+0x2a/0x410
[   73.591927][ T5323]  ? __fget_files+0x2a/0x410
[   73.593743][ T5323]  __sys_sendmsg+0x269/0x350
[   73.595623][ T5323]  ? __pfx___sys_sendmsg+0x10/0x10
[   73.597585][ T5323]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   73.599938][ T5323]  ? do_syscall_64+0x100/0x230
[   73.601794][ T5323]  ? do_syscall_64+0xb6/0x230
[   73.603770][ T5323]  do_syscall_64+0xf3/0x230
[   73.605658][ T5323]  ? clear_bhb_loop+0x35/0x90
[   73.607595][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.609826][ T5323] RIP: 0033:0x7f1301b7ff19
[   73.611581][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.618915][ T5323] RSP: 002b:00007f13029a8058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.622005][ T5323] RAX: ffffffffffffffda RBX: 00007f1301d45fa0 RCX: 00007f1301b7ff19
[   73.625117][ T5323] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000007
[   73.628114][ T5323] RBP: 00007f1301bf3cc8 R08: 0000000000000000 R09: 0000000000000000
[   73.631089][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.634047][ T5323] R13: 0000000000000000 R14: 00007f1301d45fa0 R15: 00007ffc2ccfd8f8
[   73.637148][ T5323]  </TASK>
[   73.638322][ T5323] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   73.641043][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0
[   73.644857][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.648873][ T5323] Call Trace:
[   73.650149][ T5323]  <TASK>
[   73.651307][ T5323]  dump_stack_lvl+0x241/0x360
[   73.653117][ T5323]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.655072][ T5323]  ? __pfx__printk+0x10/0x10
[   73.656823][ T5323]  ? vscnprintf+0x5d/0x90
[   73.658484][ T5323]  panic+0x349/0x880
[   73.659971][ T5323]  ? __warn+0x174/0x4d0
[   73.661545][ T5323]  ? __pfx_panic+0x10/0x10
[   73.663152][ T5323]  __warn+0x344/0x4d0
[   73.664321][ T5323]  ? minstrel_ht_update_caps+0x44a/0x17e0
[   73.666163][ T5323]  report_bug+0x2b3/0x500
[   73.667662][ T5323]  ? minstrel_ht_update_caps+0x44a/0x17e0
[   73.669605][ T5323]  handle_bug+0x60/0x90
[   73.671217][ T5323]  exc_invalid_op+0x1a/0x50
[   73.672965][ T5323]  asm_exc_invalid_op+0x1a/0x20
[   73.674799][ T5323] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0
[   73.677179][ T5323] Code: da e8 ba 42 a0 f9 e9 24 ff ff ff e8 f0 0f 45 f6 eb 17 e8 e9 0f 45 f6 eb 14 e8 e2 0f 45 f6 49 c1 fd 38 eb 0c e8 d7 0f 45 f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b
[   73.683998][ T5323] RSP: 0018:ffffc9000d3c6ef8 EFLAGS: 00010293
[   73.685954][ T5323] RAX: ffffffff8b5a4e69 RBX: 000000000000000c RCX: ffff888000ee4880
[   73.688766][ T5323] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   73.691855][ T5323] RBP: 0000000000000000 R08: ffffffff8b5a4d85 R09: 0000000000000000
[   73.694887][ T5323] R10: ffff88804095c008 R11: ffffed100812bd49 R12: 1ffff1100878461c
[   73.697909][ T5323] R13: 0b00000000000000 R14: ffff888043c230e0 R15: 0100000000000000
[   73.700659][ T5323]  ? minstrel_ht_update_caps+0x365/0x17e0
[   73.702713][ T5323]  ? minstrel_ht_update_caps+0x449/0x17e0
[   73.704923][ T5323]  ? minstrel_ht_update_caps+0x449/0x17e0
[   73.707123][ T5323]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   73.709192][ T5323]  ? rate_control_rate_init+0x347/0x680
[   73.711335][ T5323]  ? __pfx_minstrel_ht_rate_init+0x10/0x10
[   73.713579][ T5323]  rate_control_rate_init+0x3d8/0x680
[   73.715637][ T5323]  ? rate_control_rate_init+0x135/0x680
[   73.717734][ T5323]  rate_control_rate_init_all_links+0xfc/0x190
[   73.720068][ T5323]  sta_apply_auth_flags+0x1b6/0x410
[   73.722033][ T5323]  sta_apply_parameters+0xe23/0x1550
[   73.724080][ T5323]  ieee80211_add_station+0x3da/0x630
[   73.726094][ T5323]  rdev_add_station+0x11b/0x2b0
[   73.727968][ T5323]  nl80211_new_station+0x1d53/0x2550
[   73.729955][ T5323]  ? __pfx_nl80211_new_station+0x10/0x10
[   73.732110][ T5323]  ? netdev_run_todo+0xf88/0x1000
[   73.734066][ T5323]  genl_rcv_msg+0xb14/0xec0
[   73.735808][ T5323]  ? __pfx_genl_rcv_msg+0x10/0x10
[   73.737710][ T5323]  ? __pfx_lock_acquire+0x10/0x10
[   73.739625][ T5323]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   73.741641][ T5323]  ? __pfx_nl80211_new_station+0x10/0x10
[   73.743780][ T5323]  ? __pfx_nl80211_post_doit+0x10/0x10
[   73.745883][ T5323]  ? __pfx___might_resched+0x10/0x10
[   73.747954][ T5323]  netlink_rcv_skb+0x1e3/0x430
[   73.749770][ T5323]  ? __pfx_genl_rcv_msg+0x10/0x10
[   73.751707][ T5323]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   73.753712][ T5323]  ? __netlink_deliver_tap+0x7aa/0x7f0
[   73.755789][ T5323]  genl_rcv+0x28/0x40
[   73.757338][ T5323]  netlink_unicast+0x7f6/0x990
[   73.759204][ T5323]  ? __pfx_netlink_unicast+0x10/0x10
[   73.761228][ T5323]  ? __virt_addr_valid+0x45f/0x530
[   73.763219][ T5323]  ? __phys_addr_symbol+0x2f/0x70
[   73.765162][ T5323]  ? __check_object_size+0x47a/0x730
[   73.767189][ T5323]  netlink_sendmsg+0x8e4/0xcb0
[   73.768926][ T5323]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.770873][ T5323]  ? aa_sock_msg_perm+0x91/0x160
[   73.772759][ T5323]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.774755][ T5323]  __sock_sendmsg+0x221/0x270
[   73.776575][ T5323]  ____sys_sendmsg+0x52a/0x7e0
[   73.778415][ T5323]  ? __pfx_____sys_sendmsg+0x10/0x10
[   73.780417][ T5323]  ? __fget_files+0x2a/0x410
[   73.782149][ T5323]  ? __fget_files+0x2a/0x410
[   73.783769][ T5323]  __sys_sendmsg+0x269/0x350
[   73.785259][ T5323]  ? __pfx___sys_sendmsg+0x10/0x10
[   73.786797][ T5323]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   73.788631][ T5323]  ? do_syscall_64+0x100/0x230
[   73.790095][ T5323]  ? do_syscall_64+0xb6/0x230
[   73.791641][ T5323]  do_syscall_64+0xf3/0x230
[   73.793126][ T5323]  ? clear_bhb_loop+0x35/0x90
[   73.794900][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.797140][ T5323] RIP: 0033:0x7f1301b7ff19
[   73.798839][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.806051][ T5323] RSP: 002b:00007f13029a8058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.809237][ T5323] RAX: ffffffffffffffda RBX: 00007f1301d45fa0 RCX: 00007f1301b7ff19
[   73.812244][ T5323] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000007
[   73.815223][ T5323] RBP: 00007f1301bf3cc8 R08: 0000000000000000 R09: 0000000000000000
[   73.818228][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.821222][ T5323] R13: 0000000000000000 R14: 00007f1301d45fa0 R15: 00007ffc2ccfd8f8
[   73.824180][ T5323]  </TASK>
[   73.825660][ T5323] Kernel Offset: disabled
[   73.827541][ T5323] Rebooting in 86400 seconds..