program:
# Reproducer in syzkaller program syntax, shown here one call per line, followed by the
# console output captured when it ran. The interface-index lookups all name 'wlan0', and
# the wireless operations are sent as generic-netlink nl80211 commands.
# NOTE(review): r3, r6, r9, r11 and r16 are used below but never visibly assigned in this
# copy. They are presumably bound as output fields of the SIOCGIFINDEX / socketpair
# arguments, with the binding markers lost when the page was extracted; confirm against
# the original report before relying on this listing.

# Two generic-netlink sockets, the nl80211 family id, and an ifindex lookup for wlan0.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0})

# Second socket / family-id / ifindex triple, then SET_INTERFACE with
# NL80211_ATTR_IFTYPE = 0x9 (NL80211_IFTYPE_P2P_GO in the nl80211 uapi enum).
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

# Third triple: SET_INTERFACE with iftype 0x3 (NL80211_IFTYPE_AP), then START_AP carrying
# beacon head, channel frequency, beacon interval, DTIM period and external-auth-support
# attributes.
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x60, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x60}}, 0x0)

# Calls on non-nl80211 descriptors (an invalid fd, a TCPv6 listener, a unix socketpair).
# None of them appear in the kernel call trace; they look incidental to the warning.
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r10, 0x3)
ioctl$sock_inet6_tcp_SIOCOUTQ(r10, 0x5411, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff})

# r12 is the netlink socket that both SET_WDS_PEER and NEW_STATION are sent on.
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
# SET_WDS_PEER reuses family id r5 and ifindex r9 from the earlier lookups.
sendmsg$NL80211_CMD_SET_WDS_PEER(r12, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x34, r5, 0x2, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x4, 0x28}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x800)

# JOIN_IBSS is sent as raw byte blobs (ANYBLOB) with the family id and ifindex spliced in.
r14 = socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r14, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r14, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r15, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=r16, @ANYBLOB="04804600020200150800010000000000"], 0x34}}, 0x0)

# NEW_STATION is the call that matches the kernel call trace in the log
# (nl80211_new_station -> ieee80211_add_station -> sta_apply_parameters ->
# sta_apply_auth_flags -> rate_control_rate_init -> minstrel_ht_update_caps). The
# user-space RSI in the register dump (0x20001080) also has the same 0x1080 offset as this
# call's msghdr pointer. The message carries NL80211_ATTR_OPMODE_NOTIF = 0xb; the log
# prints "Ignoring NSS change in VHT Operating Mode Notification ... invalid nss 1" just
# before the WARNING, which is presumably this attribute being processed.
sendmsg$NL80211_CMD_NEW_STATION(r12, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000340)={0x48, r13, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x5, 0x13, [{0x82516eacb4127ee5}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0xb}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000081}, 0x0)

# The remaining calls come after the NEW_STATION message. With panic_on_warn set (see the
# "Kernel panic" line in the log) they presumably never ran.
setsockopt$SO_BINDTODEVICE(r11, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_0\x00', 0x10)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)={0x7c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_FRAME={0x4a, 0x33, @mgmt_frame=@assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x410d}, @broadcast, @device_b, @from_mac=@broadcast, {0x3}, @value=@ver_80211n={0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, 0x404, 0x9, {0x0, 0x6, @default_ap_ssid}, @val, @val={0x2d, 0x1a, {0x40, 0x1, 0x1, 0x0, {0x2, 0xf, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x800, 0x40, 0x3}}}}]}, 0x7c}}, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)

# Console output starts here and continues on the following lines of the page. The WARNING
# at include/net/mac80211.h:7028 is raised in process syz.0.0 running as UID 0. It ends in
# a panic only because panic_on_warn is set; without that setting a WARNING is logged and
# the kernel keeps running.
[ 76.731776][ T5309] Bluetooth: hci0: command tx timeout [ 76.736202][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.738637][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.861287][ T5324] netlink: 24 bytes leftover after parsing attributes in process `syz.0.0'. [ 76.866115][ T5324] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:01 with invalid nss 1 [ 76.866654][ T5324] ------------[ cut here ]------------ [ 76.872820][ T5324] WARNING: CPU: 0 PID: 5324 at include/net/mac80211.h:7028 minstrel_ht_update_caps+0x44a/0x17e0 [ 76.876665][ T5324] Modules linked in: [ 76.878081][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0 [ 76.881920][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.885927][ T5324] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0 [ 76.888270][ T5324] Code: da e8 fa ea 9d f9 e9 24 ff ff ff e8 10 1f 3d f6 eb 17 e8 09 1f 3d f6 eb 14 e8 02 1f 3d f6 49 c1 fd 38 eb 0c e8 f7 1e 3d f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b [ 76.895308][ T5324] RSP: 0018:ffffc9000201ef80 EFLAGS: 00010287 [ 76.897506][ T5324] RAX: ffffffff8b57cb79 RBX: 000000000000000c RCX: 0000000000040000 [ 76.900109][ T5324] RDX: ffffc9000d941000 RSI: 00000000000005bf RDI: 00000000000005c0 [ 76.902810][ T5324] RBP: 0000000000000000 R08: ffffffff8b57ca95 R09: 0000000000000000 [ 76.905611][ T5324] R10: ffff88804fe5c008 R11: ffffed1009fcbd49 R12: 1ffff11009f8661c [ 76.908701][ T5324] R13: 0b00000000000000 R14: ffff88804fc330e0 R15: 0100000000000000 [ 76.911700][ T5324] FS: 00007fa072ce26c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 76.915221][ T5324] CS: 0010
DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.917699][ T5324] CR2: 0000000020001080 CR3: 0000000040176000 CR4: 0000000000352ef0 [ 76.920558][ T5324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.923589][ T5324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.926499][ T5324] Call Trace: [ 76.927716][ T5324] [ 76.928905][ T5324] ? __warn+0x168/0x4e0 [ 76.930526][ T5324] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 76.932840][ T5324] ? report_bug+0x2b3/0x500 [ 76.934547][ T5324] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 76.936809][ T5324] ? handle_bug+0x60/0x90 [ 76.938427][ T5324] ? exc_invalid_op+0x1a/0x50 [ 76.940119][ T5324] ? asm_exc_invalid_op+0x1a/0x20 [ 76.942041][ T5324] ? minstrel_ht_update_caps+0x365/0x17e0 [ 76.944336][ T5324] ? minstrel_ht_update_caps+0x449/0x17e0 [ 76.946325][ T5324] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 76.948508][ T5324] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 76.950519][ T5324] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 76.952878][ T5324] rate_control_rate_init+0x3cf/0x5f0 [ 76.954944][ T5324] ? rate_control_rate_init+0xe3/0x5f0 [ 76.957028][ T5324] sta_apply_auth_flags+0x1b6/0x410 [ 76.959079][ T5324] sta_apply_parameters+0xe23/0x1550 [ 76.961217][ T5324] ieee80211_add_station+0x3da/0x630 [ 76.963329][ T5324] rdev_add_station+0x11b/0x2b0 [ 76.965013][ T5324] nl80211_new_station+0x1d53/0x2550 [ 76.966807][ T5324] ? __pfx_nl80211_new_station+0x10/0x10 [ 76.968779][ T5324] ? netdev_run_todo+0xf88/0x1000 [ 76.970548][ T5324] genl_rcv_msg+0xb14/0xec0 [ 76.972119][ T5324] ? mark_lock+0x9a/0x360 [ 76.973441][ T5324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 76.974987][ T5324] ? __pfx_lock_acquire+0x10/0x10 [ 76.976523][ T5324] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 76.978431][ T5324] ? __pfx_nl80211_new_station+0x10/0x10 [ 76.980586][ T5324] ? __pfx_nl80211_post_doit+0x10/0x10 [ 76.982749][ T5324] ? __pfx___might_resched+0x10/0x10 [ 76.984758][ T5324] netlink_rcv_skb+0x1e3/0x430 [ 76.986584][ T5324] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 76.988534][ T5324] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 76.990525][ T5324] ? __netlink_deliver_tap+0x77e/0x7c0 [ 76.992458][ T5324] genl_rcv+0x28/0x40 [ 76.994017][ T5324] netlink_unicast+0x7f6/0x990 [ 76.995821][ T5324] ? __pfx_netlink_unicast+0x10/0x10 [ 76.997825][ T5324] ? __virt_addr_valid+0x183/0x530 [ 76.999696][ T5324] ? __check_object_size+0x48e/0x900 [ 77.001689][ T5324] netlink_sendmsg+0x8e4/0xcb0 [ 77.003601][ T5324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.005638][ T5324] ? aa_sock_msg_perm+0x91/0x160 [ 77.007553][ T5324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.009577][ T5324] __sock_sendmsg+0x221/0x270 [ 77.011225][ T5324] ____sys_sendmsg+0x52a/0x7e0 [ 77.013053][ T5324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 77.014921][ T5324] __sys_sendmsg+0x292/0x380 [ 77.016466][ T5324] ? __pfx___sys_sendmsg+0x10/0x10 [ 77.018335][ T5324] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.020519][ T5324] ? do_syscall_64+0x100/0x230 [ 77.022137][ T5324] ? do_syscall_64+0xb6/0x230 [ 77.023824][ T5324] do_syscall_64+0xf3/0x230 [ 77.025552][ T5324] ? 
clear_bhb_loop+0x35/0x90 [ 77.027356][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.029612][ T5324] RIP: 0033:0x7fa071f7e719 [ 77.031312][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.038692][ T5324] RSP: 002b:00007fa072ce2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.041914][ T5324] RAX: ffffffffffffffda RBX: 00007fa072135f80 RCX: 00007fa071f7e719 [ 77.045012][ T5324] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 000000000000000a [ 77.047978][ T5324] RBP: 00007fa071ff132e R08: 0000000000000000 R09: 0000000000000000 [ 77.050482][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.053280][ T5324] R13: 0000000000000000 R14: 00007fa072135f80 R15: 00007fffdeb112a8 [ 77.055827][ T5324] [ 77.057026][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 77.059844][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0 [ 77.063663][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.067600][ T5324] Call Trace: [ 77.068916][ T5324] [ 77.070014][ T5324] dump_stack_lvl+0x241/0x360 [ 77.071618][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.073504][ T5324] ? __pfx__printk+0x10/0x10 [ 77.075387][ T5324] ? vscnprintf+0x5d/0x90 [ 77.077126][ T5324] panic+0x349/0x880 [ 77.078702][ T5324] ? __warn+0x177/0x4e0 [ 77.080237][ T5324] ? __pfx_panic+0x10/0x10 [ 77.081937][ T5324] __warn+0x34b/0x4e0 [ 77.083520][ T5324] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 77.085827][ T5324] report_bug+0x2b3/0x500 [ 77.087476][ T5324] ? 
minstrel_ht_update_caps+0x44a/0x17e0 [ 77.089714][ T5324] handle_bug+0x60/0x90 [ 77.091245][ T5324] exc_invalid_op+0x1a/0x50 [ 77.092865][ T5324] asm_exc_invalid_op+0x1a/0x20 [ 77.094492][ T5324] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0 [ 77.096875][ T5324] Code: da e8 fa ea 9d f9 e9 24 ff ff ff e8 10 1f 3d f6 eb 17 e8 09 1f 3d f6 eb 14 e8 02 1f 3d f6 49 c1 fd 38 eb 0c e8 f7 1e 3d f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b [ 77.104280][ T5324] RSP: 0018:ffffc9000201ef80 EFLAGS: 00010287 [ 77.106297][ T5324] RAX: ffffffff8b57cb79 RBX: 000000000000000c RCX: 0000000000040000 [ 77.109139][ T5324] RDX: ffffc9000d941000 RSI: 00000000000005bf RDI: 00000000000005c0 [ 77.111831][ T5324] RBP: 0000000000000000 R08: ffffffff8b57ca95 R09: 0000000000000000 [ 77.114901][ T5324] R10: ffff88804fe5c008 R11: ffffed1009fcbd49 R12: 1ffff11009f8661c [ 77.117845][ T5324] R13: 0b00000000000000 R14: ffff88804fc330e0 R15: 0100000000000000 [ 77.120796][ T5324] ? minstrel_ht_update_caps+0x365/0x17e0 [ 77.122801][ T5324] ? minstrel_ht_update_caps+0x449/0x17e0 [ 77.124745][ T5324] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 77.126641][ T5324] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 77.128798][ T5324] rate_control_rate_init+0x3cf/0x5f0 [ 77.130739][ T5324] ? rate_control_rate_init+0xe3/0x5f0 [ 77.132538][ T5324] sta_apply_auth_flags+0x1b6/0x410 [ 77.134536][ T5324] sta_apply_parameters+0xe23/0x1550 [ 77.136342][ T5324] ieee80211_add_station+0x3da/0x630 [ 77.138169][ T5324] rdev_add_station+0x11b/0x2b0 [ 77.139840][ T5324] nl80211_new_station+0x1d53/0x2550 [ 77.141825][ T5324] ? __pfx_nl80211_new_station+0x10/0x10 [ 77.143665][ T5324] ? netdev_run_todo+0xf88/0x1000 [ 77.145432][ T5324] genl_rcv_msg+0xb14/0xec0 [ 77.147120][ T5324] ? mark_lock+0x9a/0x360 [ 77.148709][ T5324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.150506][ T5324] ? __pfx_lock_acquire+0x10/0x10 [ 77.152232][ T5324] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 77.154026][ T5324] ? 
__pfx_nl80211_new_station+0x10/0x10 [ 77.156137][ T5324] ? __pfx_nl80211_post_doit+0x10/0x10 [ 77.158086][ T5324] ? __pfx___might_resched+0x10/0x10 [ 77.159919][ T5324] netlink_rcv_skb+0x1e3/0x430 [ 77.161598][ T5324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.163355][ T5324] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 77.165136][ T5324] ? __netlink_deliver_tap+0x77e/0x7c0 [ 77.166680][ T5324] genl_rcv+0x28/0x40 [ 77.168158][ T5324] netlink_unicast+0x7f6/0x990 [ 77.169794][ T5324] ? __pfx_netlink_unicast+0x10/0x10 [ 77.171528][ T5324] ? __virt_addr_valid+0x183/0x530 [ 77.173308][ T5324] ? __check_object_size+0x48e/0x900 [ 77.175229][ T5324] netlink_sendmsg+0x8e4/0xcb0 [ 77.176913][ T5324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.178815][ T5324] ? aa_sock_msg_perm+0x91/0x160 [ 77.180648][ T5324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.182392][ T5324] __sock_sendmsg+0x221/0x270 [ 77.184051][ T5324] ____sys_sendmsg+0x52a/0x7e0 [ 77.185996][ T5324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 77.188039][ T5324] __sys_sendmsg+0x292/0x380 [ 77.189801][ T5324] ? __pfx___sys_sendmsg+0x10/0x10 [ 77.191736][ T5324] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.194153][ T5324] ? do_syscall_64+0x100/0x230 [ 77.195977][ T5324] ? do_syscall_64+0xb6/0x230 [ 77.197708][ T5324] do_syscall_64+0xf3/0x230 [ 77.199366][ T5324] ? 
clear_bhb_loop+0x35/0x90 [ 77.201123][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.203046][ T5324] RIP: 0033:0x7fa071f7e719 [ 77.204549][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.210065][ T5324] RSP: 002b:00007fa072ce2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.212947][ T5324] RAX: ffffffffffffffda RBX: 00007fa072135f80 RCX: 00007fa071f7e719 [ 77.215625][ T5324] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 000000000000000a [ 77.218492][ T5324] RBP: 00007fa071ff132e R08: 0000000000000000 R09: 0000000000000000 [ 77.221092][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.223512][ T5324] R13: 0000000000000000 R14: 00007fa072135f80 R15: 00007fffdeb112a8 [ 77.226006][ T5324] [ 77.227326][ T5324] Kernel Offset: disabled [ 77.229075][ T5324] Rebooting in 86400 seconds..