program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0xfffffffc}, 0x9)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = fanotify_init(0x0, 0x0)
r5 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r4, 0x229, 0x8001011, r5, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x498, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_PROBE_RESP={0x464, 0x91, "89b26b4197cb10a9332235b66f5dcebfd2dc36d005a2a93956a93e4aa259beceeb69e1813d4cef94636889a2b3a8152958ddaafa1f39784310fb86ef1d5650b99be085b3bf1756999b015c8108ab1e32f288ed77ac20fab5c6cc5698c0d571b7c6e22addc1f67fbca7953c4c5bd6eb6513273ebfde3ab569011c4ec0b0a81f1cf7221b902dbff54cfdf8c71268cb8d579f0b26cb66183d36dadd80d596e0151535bbdcabf1e1d2a97fcbcc2fff01128f0a4b3e1a2da5464ebb7294128922d010508acfcae3b69a39008efa5c32b3a671c1c2e13c801af30c31897aa8d44ee6b81a8d2f216256459649fc94ff06f6e739dc1375969cde266653af1ef070fc61a034c08143556dfbbfdb3e24736f89d92017a11599c96c8b5c4f634cd4ff67b5828835e81a674cb38d6cb5a0b674f3ea772142ada264ce9cc8c8ffc3138813994fdd3e58b7246bcaf4d04e0c45276bcc48a17ead780415ded7467f72b133a35cc320f461bf17ab5c53f85dcdb6c101c854d38aecc50a88e6e9070bef8074718c4eba9c0e2845655a0fb7aa23e29c75cf4addc98f5f98162a8854d6506ea2820b4ae67a126638854607454a3d079de9f8a180364c89f3b8d843c6f3756a2845b5ceb8201b764ba24985b09ac91fd49c3b50d0339fcfc3b58f96fdf79efe90c8c660ae473caf7bf5c1309e52d1c1e8295398726e6f63c28f745799402527c840955e35c5372e61799d5824c6afdeda3cb7140615ce332363bf3f1b03a4eb936669302dda5a9cf3e6ccacc0431ca075530535eeaa64cadd04bc4caeb83f872b2459b1874e74a85041b04ba27d3a223c53c7e274d1a9408903e2fc2d303f8e024a8a56fb0dc0454314be11f97b36e10e02622ea056c56762c0e5b2fc37a8700f80d0b4bdb50b2911f91c4a5290aea328899be52c64972e61bea96b0a3e994038ec2f6a2b637d4f76eeb0c68ab157581ac1b4fdd3d3f2be86323a0cd49ce2fddd0fa0bf84ab130e7f737580d9023fd04014aac8f5f6dff9b1010b4aa1fe5b79c7f4b93273ecc3cd8eb9028d8fc40a06c91e1f666bd412a3c7b92c9b0e1f2868a1fe3e89534f1a60449539f322656f2429dacfa0aa73e065d3a7c759cbb9d93801ab4c089ed6dfb1e9bd9dc0cd1560d69f3ad82bf20f16dbb6e6f3fe363aecf1ee5c0c20c31dccc720229a064843b8457e125e35c5fce4108677a803fac16daa1e9ef4fca3f614ffad85c2be3b52a3ae18dc6aa2f810a68ab1cf710e7546503548c485eb6488702cb3154d51689dee1c63f9f7f1f66b5770f8adc1e54a15a436b6c2d97924841cbb992cb27aba1684c0ac0535d1e9d8db816454c6f645fc628bfb7684d4f13593096ae385336aa252a4ffa564744970701d96665d7c8bc882b342cd626465031f255f0c11c3f4c5e1f7ee973e97fc024b5be3b9425763df33ad89d56806e07d3b4b280ec171e54b26c55199a0bfbfa0d80d191dd8ffe697cf986adea888c0c5e92c071c2c77f394d9add53dfb1d3b3ea6a36779549ab86c13f19e669a86722ebe91d07716915007fbd51b42f47f8e32808f56957a33466e6a8085137193"}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x498}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xd, 0x3, &(0x7f0000000000)=@framed={{0x72, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xb3}}, &(0x7f0000000480)='GPL\x00'}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r8=>0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r9, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x3c, r7, 0xb97534d5fe9704cf, 0x20000, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80c1}, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)

[   85.809165][ T4681] Bluetooth: hci0: command tx timeout
[   85.969313][ T5336] ------------[ cut here ]------------
[   85.971692][ T5336] WARNING: CPU: 0 PID: 5336 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0
[   85.975433][ T5336] Modules linked in:
[   85.977114][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) 
[   85.981742][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.986161][ T5336] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[   85.988767][ T5336] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 a2 be d7 f6 90 0f 0b 90 eb e1 e8 97 be d7 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[   85.996127][ T5336] RSP: 0018:ffffc9000d3b6ff0 EFLAGS: 00010287
[   85.998674][ T5336] RAX: ffffffff8ae80779 RBX: ffff888043aa8000 RCX: 0000000000100000
[   86.002014][ T5336] RDX: ffffc9000e112000 RSI: 0000000000000399 RDI: 000000000000039a
[   86.005577][ T5336] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ae80293
[   86.009201][ T5336] R10: dffffc0000000000 R11: ffffed1008755031 R12: 1ffff1100875500a
[   86.012609][ T5336] R13: ffff888052ec0e40 R14: 0000000000000001 R15: ffffffff8ae80293
[   86.016043][ T5336] FS:  00007f3f4e5f56c0(0000) GS:ffff88808d27b000(0000) knlGS:0000000000000000
[   86.020116][ T5336] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.022877][ T5336] CR2: 0000200000001080 CR3: 0000000043163000 CR4: 0000000000352ef0
[   86.026297][ T5336] Call Trace:
[   86.027768][ T5336]  <TASK>
[   86.029267][ T5336]  rate_control_rate_init_all_links+0x109/0x1a0
[   86.031577][ T5336]  sta_apply_auth_flags+0x1c2/0x400
[   86.033546][ T5336]  sta_apply_parameters+0xe4b/0x15b0
[   86.035721][ T5336]  ieee80211_add_station+0x424/0x6a0
[   86.037959][ T5336]  rdev_add_station+0x105/0x290
[   86.040171][ T5336]  nl80211_new_station+0x1723/0x1b40
[   86.042436][ T5336]  ? __pfx_nl80211_new_station+0x10/0x10
[   86.044882][ T5336]  ? netdev_run_todo+0xe1d/0xea0
[   86.047188][ T5336]  ? nl80211_pre_doit+0x4f1/0x930
[   86.049982][ T5336]  genl_family_rcv_msg_doit+0x215/0x300
[   86.052760][ T5336]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   86.055705][ T5336]  ? bpf_lsm_capable+0x9/0x20
[   86.057830][ T5336]  ? security_capable+0x7e/0x2e0
[   86.060263][ T5336]  genl_rcv_msg+0x60e/0x790
[   86.062322][ T5336]  ? __pfx_genl_rcv_msg+0x10/0x10
[   86.064575][ T5336]  ? ref_tracker_free+0x63a/0x7d0
[   86.066814][ T5336]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   86.069281][ T5336]  ? __pfx_nl80211_new_station+0x10/0x10
[   86.071721][ T5336]  ? __pfx_nl80211_post_doit+0x10/0x10
[   86.074169][ T5336]  ? __pfx_ref_tracker_free+0x10/0x10
[   86.076622][ T5336]  netlink_rcv_skb+0x205/0x470
[   86.078929][ T5336]  ? __pfx_genl_rcv_msg+0x10/0x10
[   86.081119][ T5336]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   86.083423][ T5336]  ? down_read+0x1ad/0x2e0
[   86.085472][ T5336]  genl_rcv+0x28/0x40
[   86.087276][ T5336]  netlink_unicast+0x75c/0x8e0
[   86.089586][ T5336]  netlink_sendmsg+0x805/0xb30
[   86.091808][ T5336]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.094654][ T5336]  ? aa_sock_msg_perm+0x94/0x160
[   86.097413][ T5336]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   86.100445][ T5336]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.103256][ T5336]  __sock_sendmsg+0x21c/0x270
[   86.105506][ T5336]  ____sys_sendmsg+0x505/0x830
[   86.107615][ T5336]  ? __pfx_____sys_sendmsg+0x10/0x10
[   86.110160][ T5336]  ? import_iovec+0x74/0xa0
[   86.112180][ T5336]  ___sys_sendmsg+0x21f/0x2a0
[   86.114357][ T5336]  ? __pfx____sys_sendmsg+0x10/0x10
[   86.116610][ T5336]  __x64_sys_sendmsg+0x19b/0x260
[   86.118893][ T5336]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   86.121333][ T5336]  ? rcu_is_watching+0x15/0xb0
[   86.123407][ T5336]  ? do_syscall_64+0xbe/0x3b0
[   86.125442][ T5336]  do_syscall_64+0xfa/0x3b0
[   86.127349][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.129852][ T5336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.133033][ T5336]  ? clear_bhb_loop+0x60/0xb0
[   86.135714][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.138845][ T5336] RIP: 0033:0x7f3f5218e9a9
[   86.140799][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.149052][ T5336] RSP: 002b:00007f3f4e5f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.152649][ T5336] RAX: ffffffffffffffda RBX: 00007f3f523b5fa0 RCX: 00007f3f5218e9a9
[   86.156281][ T5336] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000009
[   86.160091][ T5336] RBP: 00007f3f52210d69 R08: 0000000000000000 R09: 0000000000000000
[   86.163687][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.167205][ T5336] R13: 0000000000000000 R14: 00007f3f523b5fa0 R15: 00007ffe42862628
[   86.170859][ T5336]  </TASK>
[   86.172320][ T5336] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.175647][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) 
[   86.180521][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.185308][ T5336] Call Trace:
[   86.186701][ T5336]  <TASK>
[   86.187961][ T5336]  dump_stack_lvl+0x99/0x250
[   86.189884][ T5336]  ? __asan_memcpy+0x40/0x70
[   86.191740][ T5336]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.193909][ T5336]  ? __pfx__printk+0x10/0x10
[   86.195845][ T5336]  panic+0x2db/0x790
[   86.197473][ T5336]  ? __pfx_panic+0x10/0x10
[   86.199460][ T5336]  __warn+0x31b/0x4b0
[   86.201304][ T5336]  ? rate_control_rate_init+0x64a/0x6e0
[   86.203774][ T5336]  ? rate_control_rate_init+0x64a/0x6e0
[   86.206324][ T5336]  report_bug+0x2be/0x4f0
[   86.208273][ T5336]  ? rate_control_rate_init+0x64a/0x6e0
[   86.210674][ T5336]  ? rate_control_rate_init+0x64a/0x6e0
[   86.213169][ T5336]  ? rate_control_rate_init+0x64c/0x6e0
[   86.215535][ T5336]  handle_bug+0x84/0x160
[   86.217308][ T5336]  exc_invalid_op+0x1a/0x50
[   86.219058][ T5336]  asm_exc_invalid_op+0x1a/0x20
[   86.221065][ T5336] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[   86.223770][ T5336] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 a2 be d7 f6 90 0f 0b 90 eb e1 e8 97 be d7 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[   86.232198][ T5336] RSP: 0018:ffffc9000d3b6ff0 EFLAGS: 00010287
[   86.235014][ T5336] RAX: ffffffff8ae80779 RBX: ffff888043aa8000 RCX: 0000000000100000
[   86.238232][ T5336] RDX: ffffc9000e112000 RSI: 0000000000000399 RDI: 000000000000039a
[   86.241595][ T5336] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ae80293
[   86.244984][ T5336] R10: dffffc0000000000 R11: ffffed1008755031 R12: 1ffff1100875500a
[   86.248427][ T5336] R13: ffff888052ec0e40 R14: 0000000000000001 R15: ffffffff8ae80293
[   86.251963][ T5336]  ? rate_control_rate_init+0x163/0x6e0
[   86.254412][ T5336]  ? rate_control_rate_init+0x163/0x6e0
[   86.256845][ T5336]  ? rate_control_rate_init+0x649/0x6e0
[   86.259312][ T5336]  rate_control_rate_init_all_links+0x109/0x1a0
[   86.262039][ T5336]  sta_apply_auth_flags+0x1c2/0x400
[   86.264364][ T5336]  sta_apply_parameters+0xe4b/0x15b0
[   86.266688][ T5336]  ieee80211_add_station+0x424/0x6a0
[   86.269073][ T5336]  rdev_add_station+0x105/0x290
[   86.271291][ T5336]  nl80211_new_station+0x1723/0x1b40
[   86.273658][ T5336]  ? __pfx_nl80211_new_station+0x10/0x10
[   86.276237][ T5336]  ? netdev_run_todo+0xe1d/0xea0
[   86.278529][ T5336]  ? nl80211_pre_doit+0x4f1/0x930
[   86.280827][ T5336]  genl_family_rcv_msg_doit+0x215/0x300
[   86.283327][ T5336]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   86.286085][ T5336]  ? bpf_lsm_capable+0x9/0x20
[   86.287815][ T5336]  ? security_capable+0x7e/0x2e0
[   86.290057][ T5336]  genl_rcv_msg+0x60e/0x790
[   86.292148][ T5336]  ? __pfx_genl_rcv_msg+0x10/0x10
[   86.294384][ T5336]  ? ref_tracker_free+0x63a/0x7d0
[   86.296753][ T5336]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   86.299155][ T5336]  ? __pfx_nl80211_new_station+0x10/0x10
[   86.301556][ T5336]  ? __pfx_nl80211_post_doit+0x10/0x10
[   86.304000][ T5336]  ? __pfx_ref_tracker_free+0x10/0x10
[   86.306281][ T5336]  netlink_rcv_skb+0x205/0x470
[   86.308208][ T5336]  ? __pfx_genl_rcv_msg+0x10/0x10
[   86.310132][ T5336]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   86.312231][ T5336]  ? down_read+0x1ad/0x2e0
[   86.314529][ T5336]  genl_rcv+0x28/0x40
[   86.316235][ T5336]  netlink_unicast+0x75c/0x8e0
[   86.318159][ T5336]  netlink_sendmsg+0x805/0xb30
[   86.320145][ T5336]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.322318][ T5336]  ? aa_sock_msg_perm+0x94/0x160
[   86.324382][ T5336]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   86.326506][ T5336]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.328819][ T5336]  __sock_sendmsg+0x21c/0x270
[   86.330707][ T5336]  ____sys_sendmsg+0x505/0x830
[   86.332733][ T5336]  ? __pfx_____sys_sendmsg+0x10/0x10
[   86.335043][ T5336]  ? import_iovec+0x74/0xa0
[   86.337025][ T5336]  ___sys_sendmsg+0x21f/0x2a0
[   86.339028][ T5336]  ? __pfx____sys_sendmsg+0x10/0x10
[   86.341132][ T5336]  __x64_sys_sendmsg+0x19b/0x260
[   86.343264][ T5336]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   86.345562][ T5336]  ? rcu_is_watching+0x15/0xb0
[   86.347608][ T5336]  ? do_syscall_64+0xbe/0x3b0
[   86.349621][ T5336]  do_syscall_64+0xfa/0x3b0
[   86.351510][ T5336]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.353612][ T5336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.355927][ T5336]  ? clear_bhb_loop+0x60/0xb0
[   86.357865][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.360521][ T5336] RIP: 0033:0x7f3f5218e9a9
[   86.362575][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.370990][ T5336] RSP: 002b:00007f3f4e5f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.374531][ T5336] RAX: ffffffffffffffda RBX: 00007f3f523b5fa0 RCX: 00007f3f5218e9a9
[   86.378115][ T5336] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000009
[   86.381417][ T5336] RBP: 00007f3f52210d69 R08: 0000000000000000 R09: 0000000000000000
[   86.384969][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.388745][ T5336] R13: 0000000000000000 R14: 00007f3f523b5fa0 R15: 00007ffe42862628
[   86.392748][ T5336]  </TASK>
[   86.394572][ T5336] Kernel Offset: disabled
[   86.396383][ T5336] Rebooting in 86400 seconds..