program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000000080)=0xff, 0x4)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c)
sendto$inet6(r2, &(0x7f0000000100)="80000fdc2208a1ce", 0x8, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000006280)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x400000000000067, 0x40, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x64, r1, 0x5, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x76, 0x6, {0x8, 0x10, 0x34, 0x1}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x38e}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x64}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x3c, r5, 0xb97534d5fe9704cf, 0x20000, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80c1}, 0x0)
r8 = socket(0x10, 0x3, 0x0)
write(r8, &(0x7f00000002c0)="240000005f005f03a9f9f4ba0a1f00400000000012c95435da5480cea053f162e21cffdc", 0x24)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)

[   75.180981][ T5300] Bluetooth: hci0: command tx timeout
[   75.292743][ T5321] ------------[ cut here ]------------
[   75.295329][ T5321] WARNING: CPU: 0 PID: 5321 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0
[   75.300019][ T5321] Modules linked in:
[   75.301797][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.305768][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.310548][ T5321] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[   75.313337][ T5321] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 c8 19 8c 00 cc e8 92 f8 fa f6 90 0f 0b 90 eb e1 e8 87 f8 fa f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[   75.322146][ T5321] RSP: 0018:ffffc9000fc2ef60 EFLAGS: 00010287
[   75.324896][ T5321] RAX: ffffffff8ac55ae9 RBX: ffff888012874000 RCX: 0000000000100000
[   75.328166][ T5321] RDX: ffffc9000db72000 RSI: 000000000000034f RDI: 0000000000000350
[   75.331561][ T5321] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ac55603
[   75.334731][ T5321] R10: dffffc0000000000 R11: ffffed100250e831 R12: 1ffff1100250e80a
[   75.337807][ T5321] R13: ffff888036408e80 R14: 0000000000000001 R15: ffffffff8ac55603
[   75.341217][ T5321] FS:  00007fbf9950c6c0(0000) GS:ffff88808d302000(0000) knlGS:0000000000000000
[   75.344966][ T5321] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.347868][ T5321] CR2: 0000200000001080 CR3: 000000001ea3f000 CR4: 0000000000352ef0
[   75.351394][ T5321] Call Trace:
[   75.353027][ T5321]  <TASK>
[   75.354322][ T5321]  rate_control_rate_init_all_links+0x109/0x1a0
[   75.357091][ T5321]  sta_apply_auth_flags+0x1c2/0x400
[   75.359486][ T5321]  sta_apply_parameters+0xe27/0x1570
[   75.361711][ T5321]  ieee80211_add_station+0x424/0x6a0
[   75.363917][ T5321]  rdev_add_station+0x108/0x290
[   75.365970][ T5321]  nl80211_new_station+0x1755/0x1b70
[   75.368230][ T5321]  ? __pfx_nl80211_new_station+0x10/0x10
[   75.370798][ T5321]  ? netdev_run_todo+0xe1d/0xea0
[   75.372977][ T5321]  ? nl80211_pre_doit+0x4f1/0x930
[   75.375132][ T5321]  genl_family_rcv_msg_doit+0x215/0x300
[   75.377473][ T5321]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   75.380271][ T5321]  ? bpf_lsm_capable+0x9/0x20
[   75.382309][ T5321]  ? security_capable+0x7e/0x2e0
[   75.384486][ T5321]  genl_rcv_msg+0x60e/0x790
[   75.386285][ T5321]  ? __pfx_genl_rcv_msg+0x10/0x10
[   75.388295][ T5321]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   75.390590][ T5321]  ? __pfx_nl80211_new_station+0x10/0x10
[   75.392810][ T5321]  ? __pfx_nl80211_post_doit+0x10/0x10
[   75.394948][ T5321]  ? __asan_memcpy+0x40/0x70
[   75.396822][ T5321]  ? __pfx_ref_tracker_free+0x10/0x10
[   75.399143][ T5321]  netlink_rcv_skb+0x208/0x470
[   75.401201][ T5321]  ? __lock_acquire+0xab9/0xd20
[   75.403281][ T5321]  ? __pfx_genl_rcv_msg+0x10/0x10
[   75.405393][ T5321]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   75.407658][ T5321]  ? down_read+0x1ad/0x2e0
[   75.409865][ T5321]  genl_rcv+0x28/0x40
[   75.411601][ T5321]  netlink_unicast+0x82f/0x9e0
[   75.413643][ T5321]  ? __pfx_netlink_unicast+0x10/0x10
[   75.415911][ T5321]  ? netlink_sendmsg+0x642/0xb30
[   75.418017][ T5321]  ? skb_put+0x11b/0x210
[   75.419952][ T5321]  netlink_sendmsg+0x805/0xb30
[   75.421944][ T5321]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.424123][ T5321]  ? aa_sock_msg_perm+0xf1/0x1d0
[   75.426304][ T5321]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   75.428467][ T5321]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.430960][ T5321]  __sock_sendmsg+0x21c/0x270
[   75.433018][ T5321]  ____sys_sendmsg+0x505/0x830
[   75.435010][ T5321]  ? __pfx_____sys_sendmsg+0x10/0x10
[   75.437278][ T5321]  ? import_iovec+0x74/0xa0
[   75.439381][ T5321]  ___sys_sendmsg+0x21f/0x2a0
[   75.441456][ T5321]  ? __pfx____sys_sendmsg+0x10/0x10
[   75.443790][ T5321]  ? __fget_files+0x2a/0x420
[   75.445784][ T5321]  ? __fget_files+0x3a0/0x420
[   75.447938][ T5321]  __x64_sys_sendmsg+0x19b/0x260
[   75.450202][ T5321]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   75.452509][ T5321]  ? do_syscall_64+0xbe/0xfa0
[   75.454640][ T5321]  do_syscall_64+0xfa/0xfa0
[   75.456963][ T5321]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.459265][ T5321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.461788][ T5321]  ? clear_bhb_loop+0x60/0xb0
[   75.463737][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.466225][ T5321] RIP: 0033:0x7fbf9858efc9
[   75.468157][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.476263][ T5321] RSP: 002b:00007fbf9950c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.479682][ T5321] RAX: ffffffffffffffda RBX: 00007fbf987e5fa0 RCX: 00007fbf9858efc9
[   75.483035][ T5321] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007
[   75.486336][ T5321] RBP: 00007fbf98611f91 R08: 0000000000000000 R09: 0000000000000000
[   75.490085][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.493523][ T5321] R13: 00007fbf987e6038 R14: 00007fbf987e5fa0 R15: 00007ffe73cfb5b8
[   75.496896][ T5321]  </TASK>
[   75.498257][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.501422][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.505244][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.509753][ T5321] Call Trace:
[   75.511239][ T5321]  <TASK>
[   75.512586][ T5321]  dump_stack_lvl+0x99/0x250
[   75.514640][ T5321]  ? __asan_memcpy+0x40/0x70
[   75.516759][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.519094][ T5321]  ? __pfx__printk+0x10/0x10
[   75.520952][ T5321]  vpanic+0x237/0x6d0
[   75.522669][ T5321]  ? __pfx_vpanic+0x10/0x10
[   75.524648][ T5321]  panic+0xb9/0xc0
[   75.526442][ T5321]  ? __pfx_panic+0x10/0x10
[   75.528958][ T5321]  __warn+0x31b/0x4b0
[   75.530870][ T5321]  ? rate_control_rate_init+0x64a/0x6e0
[   75.533298][ T5321]  ? rate_control_rate_init+0x64a/0x6e0
[   75.535646][ T5321]  report_bug+0x2be/0x4f0
[   75.537437][ T5321]  ? rate_control_rate_init+0x64a/0x6e0
[   75.539769][ T5321]  ? rate_control_rate_init+0x64a/0x6e0
[   75.542115][ T5321]  ? rate_control_rate_init+0x64c/0x6e0
[   75.544487][ T5321]  handle_bug+0x84/0x160
[   75.546370][ T5321]  exc_invalid_op+0x1a/0x50
[   75.548273][ T5321]  asm_exc_invalid_op+0x1a/0x20
[   75.550483][ T5321] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[   75.553090][ T5321] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 c8 19 8c 00 cc e8 92 f8 fa f6 90 0f 0b 90 eb e1 e8 87 f8 fa f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[   75.561050][ T5321] RSP: 0018:ffffc9000fc2ef60 EFLAGS: 00010287
[   75.563631][ T5321] RAX: ffffffff8ac55ae9 RBX: ffff888012874000 RCX: 0000000000100000
[   75.566901][ T5321] RDX: ffffc9000db72000 RSI: 000000000000034f RDI: 0000000000000350
[   75.570051][ T5321] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ac55603
[   75.573560][ T5321] R10: dffffc0000000000 R11: ffffed100250e831 R12: 1ffff1100250e80a
[   75.576860][ T5321] R13: ffff888036408e80 R14: 0000000000000001 R15: ffffffff8ac55603
[   75.580022][ T5321]  ? rate_control_rate_init+0x163/0x6e0
[   75.582292][ T5321]  ? rate_control_rate_init+0x163/0x6e0
[   75.584615][ T5321]  ? rate_control_rate_init+0x649/0x6e0
[   75.587052][ T5321]  rate_control_rate_init_all_links+0x109/0x1a0
[   75.589586][ T5321]  sta_apply_auth_flags+0x1c2/0x400
[   75.591837][ T5321]  sta_apply_parameters+0xe27/0x1570
[   75.594166][ T5321]  ieee80211_add_station+0x424/0x6a0
[   75.596518][ T5321]  rdev_add_station+0x108/0x290
[   75.598675][ T5321]  nl80211_new_station+0x1755/0x1b70
[   75.600941][ T5321]  ? __pfx_nl80211_new_station+0x10/0x10
[   75.603379][ T5321]  ? netdev_run_todo+0xe1d/0xea0
[   75.605456][ T5321]  ? nl80211_pre_doit+0x4f1/0x930
[   75.607691][ T5321]  genl_family_rcv_msg_doit+0x215/0x300
[   75.610051][ T5321]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   75.612587][ T5321]  ? bpf_lsm_capable+0x9/0x20
[   75.614525][ T5321]  ? security_capable+0x7e/0x2e0
[   75.616520][ T5321]  genl_rcv_msg+0x60e/0x790
[   75.618472][ T5321]  ? __pfx_genl_rcv_msg+0x10/0x10
[   75.620719][ T5321]  ? __pfx_nl80211_pre_doit+0x10/0x10
[   75.622929][ T5321]  ? __pfx_nl80211_new_station+0x10/0x10
[   75.625239][ T5321]  ? __pfx_nl80211_post_doit+0x10/0x10
[   75.627541][ T5321]  ? __asan_memcpy+0x40/0x70
[   75.629506][ T5321]  ? __pfx_ref_tracker_free+0x10/0x10
[   75.631855][ T5321]  netlink_rcv_skb+0x208/0x470
[   75.633779][ T5321]  ? __lock_acquire+0xab9/0xd20
[   75.635910][ T5321]  ? __pfx_genl_rcv_msg+0x10/0x10
[   75.638060][ T5321]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   75.640454][ T5321]  ? down_read+0x1ad/0x2e0
[   75.642277][ T5321]  genl_rcv+0x28/0x40
[   75.643913][ T5321]  netlink_unicast+0x82f/0x9e0
[   75.645889][ T5321]  ? __pfx_netlink_unicast+0x10/0x10
[   75.648025][ T5321]  ? netlink_sendmsg+0x642/0xb30
[   75.650056][ T5321]  ? skb_put+0x11b/0x210
[   75.651870][ T5321]  netlink_sendmsg+0x805/0xb30
[   75.653842][ T5321]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.656104][ T5321]  ? aa_sock_msg_perm+0xf1/0x1d0
[   75.658141][ T5321]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   75.660419][ T5321]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.662672][ T5321]  __sock_sendmsg+0x21c/0x270
[   75.664548][ T5321]  ____sys_sendmsg+0x505/0x830
[   75.666573][ T5321]  ? __pfx_____sys_sendmsg+0x10/0x10
[   75.668878][ T5321]  ? import_iovec+0x74/0xa0
[   75.670825][ T5321]  ___sys_sendmsg+0x21f/0x2a0
[   75.672784][ T5321]  ? __pfx____sys_sendmsg+0x10/0x10
[   75.674997][ T5321]  ? __fget_files+0x2a/0x420
[   75.676952][ T5321]  ? __fget_files+0x3a0/0x420
[   75.678939][ T5321]  __x64_sys_sendmsg+0x19b/0x260
[   75.681101][ T5321]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   75.683436][ T5321]  ? do_syscall_64+0xbe/0xfa0
[   75.685451][ T5321]  do_syscall_64+0xfa/0xfa0
[   75.687391][ T5321]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.689761][ T5321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.692294][ T5321]  ? clear_bhb_loop+0x60/0xb0
[   75.694280][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.696982][ T5321] RIP: 0033:0x7fbf9858efc9
[   75.698934][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.706710][ T5321] RSP: 002b:00007fbf9950c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.710261][ T5321] RAX: ffffffffffffffda RBX: 00007fbf987e5fa0 RCX: 00007fbf9858efc9
[   75.713634][ T5321] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007
[   75.717027][ T5321] RBP: 00007fbf98611f91 R08: 0000000000000000 R09: 0000000000000000
[   75.720483][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.723916][ T5321] R13: 00007fbf987e6038 R14: 00007fbf987e5fa0 R15: 00007ffe73cfb5b8
[   75.727348][ T5321]  </TASK>
[   75.729055][ T5321] Kernel Offset: disabled
[   75.730978][ T5321] Rebooting in 86400 seconds..