program:
pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000080)="5f28468bb5a7da702955486d4d23c83ca856fe", 0x13}], 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_proto_private(r0, 0x8b20, &(0x7f0000000080))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x6c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x38, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x9, 0x3, 0x9, 0xa3c}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x6c}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000340)={0x3c, r6, 0xb97534d5fe9704cf, 0x0, 0x400, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000680)=ANY=[@ANYBLOB="0400000000000000cd09000000f00200000000e80900000000000002af0000000000001203000000000000010000000000000000000000a9be67883213970100"/74]) (async)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000680)=ANY=[@ANYBLOB="0400000000000000cd09000000f00200000000e80900000000000002af0000000000001203000000000000010000000000000000000000a9be67883213970100"/74])
sendmsg$NFC_CMD_START_POLL(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={0x14, r10, 0x1, 0x123, 0x100234}, 0x14}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r11 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r12 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000040)={'lo\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0xfc, 0x0, 0x1, 0xffffffff}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=@mpls_delroute={0x0, 0x19, 0x1, 0x70bd25, 0x25dfdbfb, {0x1c, 0x0, 0x20, 0xe, 0xfd, 0x3, 0xfd, 0x1, 0x400}}, 0x3c}}, 0x0)
r14 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x141842, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) (async)
r15 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
accept4$phonet_pipe(r14, &(0x7f0000000400), &(0x7f00000004c0)=0x10, 0x800)
write$binfmt_script(r15, &(0x7f0000000200), 0xfea7)
copy_file_range(r15, &(0x7f00000001c0), r14, 0x0, 0xffffffffa003e45b, 0x700000000000000) (async)
copy_file_range(r15, &(0x7f00000001c0), r14, 0x0, 0xffffffffa003e45b, 0x700000000000000)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r14, 0x84, 0x20, &(0x7f0000000000)=0x8, 0x4) (async)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r14, 0x84, 0x20, &(0x7f0000000000)=0x8, 0x4)

[   60.818602][ T4660] Bluetooth: hci0: command tx timeout
[   60.860299][ T5314] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   60.906604][ T5314] ------------[ cut here ]------------
[   60.908762][ T5314] WARNING: CPU: 0 PID: 5314 at net/mac80211/rate.c:53 rate_control_rate_init+0x5ec/0x680
[   60.912624][ T5314] Modules linked in:
[   60.914502][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[   60.919153][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.923589][ T5314] RIP: 0010:rate_control_rate_init+0x5ec/0x680
[   60.925983][ T5314] Code: 8b 82 01 00 00 20 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 00 9c 65 f6 90 0f 0b 90 eb e2 e8 f5 9b 65 f6 90 <0f> 0b 90 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 00 00 00
[   60.933722][ T5314] RSP: 0018:ffffc9000d4a6fd0 EFLAGS: 00010293
[   60.936149][ T5314] RAX: ffffffff8b39d7fb RBX: 0000000000000001 RCX: ffff888000ad8000
[   60.939202][ T5314] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   60.942243][ T5314] RBP: ffffffff8b39d345 R08: ffffffff8b39d430 R09: 1ffffffff2854910
[   60.945393][ T5314] R10: dffffc0000000000 R11: fffffbfff2854911 R12: ffff888052d10e40
[   60.948182][ T5314] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff1100871580a
[   60.951123][ T5314] FS:  00007f747c8ec6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   60.954768][ T5314] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.957945][ T5314] CR2: 0000000020001080 CR3: 0000000042f44000 CR4: 0000000000352ef0
[   60.961358][ T5314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   60.964765][ T5314] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   60.967600][ T5314] Call Trace:
[   60.968855][ T5314]  <TASK>
[   60.970070][ T5314]  ? __warn+0x165/0x4d0
[   60.971792][ T5314]  ? rate_control_rate_init+0x5ec/0x680
[   60.974147][ T5314]  ? report_bug+0x2b3/0x500
[   60.975832][ T5314]  ? rate_control_rate_init+0x5ec/0x680
[   60.977949][ T5314]  ? handle_bug+0x60/0x90
[   60.979603][ T5314]  ? exc_invalid_op+0x1a/0x50
[   60.981464][ T5314]  ? asm_exc_invalid_op+0x1a/0x20
[   60.983523][ T5314]  ? rate_control_rate_init+0x135/0x680
[   60.985538][ T5314]  ? rate_control_rate_init+0x220/0x680
[   60.987805][ T5314]  ? rate_control_rate_init+0x5eb/0x680
[   60.989832][ T5314]  ? rate_control_rate_init+0x5ec/0x680
[   60.992054][ T5314]  rate_control_rate_init_all_links+0xfc/0x190
[   60.994544][ T5314]  sta_apply_auth_flags+0x1b6/0x410
[   60.996537][ T5314]  sta_apply_parameters+0xe23/0x1550
[   60.998587][ T5314]  ieee80211_add_station+0x3da/0x630
[   61.000705][ T5314]  rdev_add_station+0x11b/0x2b0
[   61.002792][ T5314]  nl80211_new_station+0x1d53/0x2550
[   61.004959][ T5314]  ? __pfx_nl80211_new_station+0x10/0x10
[   61.007180][ T5314]  ? netdev_run_todo+0xf88/0x1000
[   61.009187][ T5314]  genl_rcv_msg+0xb14/0xec0
[   61.011022][ T5314]  ? __pfx_genl_rcv_msg+0x10/0x10
[   61.013140][ T5314]  ? __pfx_lock_acquire+0x10/0x10
[   61.014890][ T5314]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   61.016576][ T5314]  ? __pfx_nl80211_new_station+0x10/0x10
[   61.018612][ T5314]  ? __pfx_nl80211_post_doit+0x10/0x10
[   61.020626][ T5314]  ? __pfx___might_resched+0x10/0x10
[   61.022593][ T5314]  netlink_rcv_skb+0x1e3/0x430
[   61.024707][ T5314]  ? __pfx_genl_rcv_msg+0x10/0x10
[   61.027080][ T5314]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   61.029668][ T5314]  ? __netlink_deliver_tap+0x7aa/0x7f0
[   61.031848][ T5314]  genl_rcv+0x28/0x40
[   61.033411][ T5314]  netlink_unicast+0x7f6/0x990
[   61.035261][ T5314]  ? __pfx_netlink_unicast+0x10/0x10
[   61.037172][ T5314]  ? __virt_addr_valid+0x45f/0x530
[   61.039202][ T5314]  ? __phys_addr_symbol+0x2f/0x70
[   61.040917][ T5314]  ? __check_object_size+0x47a/0x730
[   61.042719][ T5314]  netlink_sendmsg+0x8e4/0xcb0
[   61.044445][ T5314]  ? __pfx_netlink_sendmsg+0x10/0x10
[   61.046516][ T5314]  ? aa_sock_msg_perm+0x91/0x160
[   61.048680][ T5314]  ? __pfx_netlink_sendmsg+0x10/0x10
[   61.050618][ T5314]  __sock_sendmsg+0x221/0x270
[   61.052308][ T5314]  ____sys_sendmsg+0x52a/0x7e0
[   61.054172][ T5314]  ? __pfx_____sys_sendmsg+0x10/0x10
[   61.056417][ T5314]  ? __fget_files+0x2a/0x410
[   61.058251][ T5314]  ? __fget_files+0x2a/0x410
[   61.060102][ T5314]  __sys_sendmsg+0x269/0x350
[   61.061779][ T5314]  ? __pfx___sys_sendmsg+0x10/0x10
[   61.064009][ T5314]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.066268][ T5314]  ? do_syscall_64+0x100/0x230
[   61.068007][ T5314]  ? do_syscall_64+0xb6/0x230
[   61.069689][ T5314]  do_syscall_64+0xf3/0x230
[   61.071415][ T5314]  ? clear_bhb_loop+0x35/0x90
[   61.073452][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.075702][ T5314] RIP: 0033:0x7f747bb85d29
[   61.077486][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.085032][ T5314] RSP: 002b:00007f747c8ec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.088294][ T5314] RAX: ffffffffffffffda RBX: 00007f747bd75fa0 RCX: 00007f747bb85d29
[   61.091366][ T5314] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000009
[   61.095045][ T5314] RBP: 00007f747bc01aa8 R08: 0000000000000000 R09: 0000000000000000
[   61.097899][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   61.100771][ T5314] R13: 0000000000000000 R14: 00007f747bd75fa0 R15: 00007fff9b2e5168
[   61.104140][ T5314]  </TASK>
[   61.105348][ T5314] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   61.108023][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
[   61.111770][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   61.115582][ T5314] Call Trace:
[   61.116877][ T5314]  <TASK>
[   61.118051][ T5314]  dump_stack_lvl+0x241/0x360
[   61.119845][ T5314]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.121771][ T5314]  ? __pfx__printk+0x10/0x10
[   61.123511][ T5314]  ? vscnprintf+0x5d/0x90
[   61.125213][ T5314]  panic+0x349/0x880
[   61.126739][ T5314]  ? __warn+0x174/0x4d0
[   61.128368][ T5314]  ? __pfx_panic+0x10/0x10
[   61.130145][ T5314]  __warn+0x344/0x4d0
[   61.131814][ T5314]  ? rate_control_rate_init+0x5ec/0x680
[   61.134050][ T5314]  report_bug+0x2b3/0x500
[   61.135821][ T5314]  ? rate_control_rate_init+0x5ec/0x680
[   61.137919][ T5314]  handle_bug+0x60/0x90
[   61.139350][ T5314]  exc_invalid_op+0x1a/0x50
[   61.141110][ T5314]  asm_exc_invalid_op+0x1a/0x20
[   61.142914][ T5314] RIP: 0010:rate_control_rate_init+0x5ec/0x680
[   61.145227][ T5314] Code: 8b 82 01 00 00 20 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 00 9c 65 f6 90 0f 0b 90 eb e2 e8 f5 9b 65 f6 90 <0f> 0b 90 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8e 00 00 00
[   61.152503][ T5314] RSP: 0018:ffffc9000d4a6fd0 EFLAGS: 00010293
[   61.154828][ T5314] RAX: ffffffff8b39d7fb RBX: 0000000000000001 RCX: ffff888000ad8000
[   61.157773][ T5314] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   61.160833][ T5314] RBP: ffffffff8b39d345 R08: ffffffff8b39d430 R09: 1ffffffff2854910
[   61.163952][ T5314] R10: dffffc0000000000 R11: fffffbfff2854911 R12: ffff888052d10e40
[   61.167019][ T5314] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff1100871580a
[   61.170135][ T5314]  ? rate_control_rate_init+0x135/0x680
[   61.172186][ T5314]  ? rate_control_rate_init+0x220/0x680
[   61.174259][ T5314]  ? rate_control_rate_init+0x5eb/0x680
[   61.176370][ T5314]  rate_control_rate_init_all_links+0xfc/0x190
[   61.178755][ T5314]  sta_apply_auth_flags+0x1b6/0x410
[   61.180674][ T5314]  sta_apply_parameters+0xe23/0x1550
[   61.182583][ T5314]  ieee80211_add_station+0x3da/0x630
[   61.184576][ T5314]  rdev_add_station+0x11b/0x2b0
[   61.186306][ T5314]  nl80211_new_station+0x1d53/0x2550
[   61.188331][ T5314]  ? __pfx_nl80211_new_station+0x10/0x10
[   61.190516][ T5314]  ? netdev_run_todo+0xf88/0x1000
[   61.192445][ T5314]  genl_rcv_msg+0xb14/0xec0
[   61.194265][ T5314]  ? __pfx_genl_rcv_msg+0x10/0x10
[   61.196218][ T5314]  ? __pfx_lock_acquire+0x10/0x10
[   61.198170][ T5314]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   61.200172][ T5314]  ? __pfx_nl80211_new_station+0x10/0x10
[   61.202300][ T5314]  ? __pfx_nl80211_post_doit+0x10/0x10
[   61.204319][ T5314]  ? __pfx___might_resched+0x10/0x10
[   61.206148][ T5314]  netlink_rcv_skb+0x1e3/0x430
[   61.208084][ T5314]  ? __pfx_genl_rcv_msg+0x10/0x10
[   61.210224][ T5314]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   61.212684][ T5314]  ? __netlink_deliver_tap+0x7aa/0x7f0
[   61.215190][ T5314]  genl_rcv+0x28/0x40
[   61.216993][ T5314]  netlink_unicast+0x7f6/0x990
[   61.219248][ T5314]  ? __pfx_netlink_unicast+0x10/0x10
[   61.221739][ T5314]  ? __virt_addr_valid+0x45f/0x530
[   61.224029][ T5314]  ? __phys_addr_symbol+0x2f/0x70
[   61.225892][ T5314]  ? __check_object_size+0x47a/0x730
[   61.227698][ T5314]  netlink_sendmsg+0x8e4/0xcb0
[   61.229417][ T5314]  ? __pfx_netlink_sendmsg+0x10/0x10
[   61.231403][ T5314]  ? aa_sock_msg_perm+0x91/0x160
[   61.233144][ T5314]  ? __pfx_netlink_sendmsg+0x10/0x10
[   61.235039][ T5314]  __sock_sendmsg+0x221/0x270
[   61.236715][ T5314]  ____sys_sendmsg+0x52a/0x7e0
[   61.238425][ T5314]  ? __pfx_____sys_sendmsg+0x10/0x10
[   61.240267][ T5314]  ? __fget_files+0x2a/0x410
[   61.241860][ T5314]  ? __fget_files+0x2a/0x410
[   61.243498][ T5314]  __sys_sendmsg+0x269/0x350
[   61.245083][ T5314]  ? __pfx___sys_sendmsg+0x10/0x10
[   61.246854][ T5314]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.249047][ T5314]  ? do_syscall_64+0x100/0x230
[   61.250654][ T5314]  ? do_syscall_64+0xb6/0x230
[   61.252326][ T5314]  do_syscall_64+0xf3/0x230
[   61.253989][ T5314]  ? clear_bhb_loop+0x35/0x90
[   61.255763][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.258063][ T5314] RIP: 0033:0x7f747bb85d29
[   61.259788][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.266545][ T5314] RSP: 002b:00007f747c8ec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.269315][ T5314] RAX: ffffffffffffffda RBX: 00007f747bd75fa0 RCX: 00007f747bb85d29
[   61.272117][ T5314] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000009
[   61.274800][ T5314] RBP: 00007f747bc01aa8 R08: 0000000000000000 R09: 0000000000000000
[   61.277573][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   61.280301][ T5314] R13: 0000000000000000 R14: 00007f747bd75fa0 R15: 00007fff9b2e5168
[   61.283604][ T5314]  </TASK>
[   61.285129][ T5314] Kernel Offset: disabled
[   61.286786][ T5314] Rebooting in 86400 seconds..