program:
# Triage notes for the syzkaller reproducer below (one call per line).
# The program runs every call twice: a sequential pass that binds r0..r8,
# then the same calls again marked (async). The async calls bind no new
# results, so they reuse the descriptors from the first pass.
# r7 and r9 are used but never bound in this listing; presumably the
# SIOCGIFINDEX output annotations were lost in rendering - TODO confirm
# against the original reproducer.

# --- pass 1: sequential ---
# Generic-netlink socket (0x10 = AF_NETLINK, 0x3 = SOCK_RAW, 0x10 = NETLINK_GENERIC).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Look up the nl80211 genetlink family id; r1 is the message type for NEW_STATION below.
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
# Any socket fd works as a handle for interface ioctls; the trace shows qrtr_ioctl -> dev_ioctl.
r2 = socket$qrtr(0x2a, 0x2, 0x0)
# SIOCSIFFLAGS (0x8914) on wlan1. Only the name is supplied, so the flags field is
# presumably zero (IFF_UP clear). This is the request seen in the crashing thread's
# registers (RSI=0x8914) and it leads to ieee80211_stop in the call trace.
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'wlan1\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Landlock calls: no landlock frame appears in the call trace, so these look
# incidental to the crash - confirm by minimizing the reproducer.
r6 = landlock_create_ruleset(&(0x7f00000001c0)={0x100}, 0x18, 0x3)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000200)={0x100, r6}, 0x0)
# SIOCGIFINDEX (0x8933): fetch wlan1's ifindex (presumably what r7 refers to).
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
# Switch the interface type: NL80211_ATTR_IFTYPE (attr 0x5) = 0x7, i.e. NL80211_IFTYPE_MESH_POINT.
# This is what makes the mesh_* cleanup path in the trace reachable.
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
# Despite the $kcm name, family 0x10 is AF_NETLINK with protocol 0 (NETLINK_ROUTE).
r8 = socket$kcm(0x10, 0x2, 0x0)
# Raw rtnetlink message: nlmsg_type 0x0010 is RTM_NEWLINK, and the attribute header
# "0e000a00" reads as length 0x0e, type 0x0a (10, IFLA_MASTER). That matches the kernel
# lines "attribute type 10 has an invalid length" and "bond0: (slave wlan1): Enslaving
# as an active interface with an up link" logged by T5327.
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
# Second ifindex lookup for wlan1 (presumably what r9 refers to).
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0})
# Add a station entry (MAC @device_b, AID 0x57d) on the interface. Stopping the
# interface later flushes stations, which is where the trace enters
# __sta_info_flush -> mesh_sta_cleanup -> mesh_plink_deactivate.
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000000c0)={0x3c, r1, 0xb97534d5fe9704cf, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x57d}]}, 0x3c}}, 0x0)

# --- pass 2: same calls, marked (async) ---
# The WARNING is reported from T5328 while the enslave message comes from T5327,
# which suggests the interface-down ioctl overlapped with the mesh/station
# setup - NOTE(review): verify ordering with a minimized reproducer.
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async)
socket$qrtr(0x2a, 0x2, 0x0) (async)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
landlock_create_ruleset(&(0x7f00000001c0)={0x100}, 0x18, 0x3) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000200)={0x100, r6}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000000c0)={0x3c, r1, 0xb97534d5fe9704cf, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x57d}]}, 0x3c}}, 0x0) (async)
# --- kernel console output follows ---
[ 85.031626][ T45] Bluetooth: hci0: command tx timeout
[ 85.142485][ T5327] netlink: 'syz.0.0': attribute type 10 has an invalid length. 
[ 85.155246][ T5327] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 85.181089][ T5328] ------------[ cut here ]------------ [ 85.183636][ T5328] !chanctx_conf [ 85.183646][ T5328] WARNING: net/mac80211/tx.c:6307 at ieee80211_tx_skb_tid+0x3b4/0x470, CPU#0: syz.0.0/5328 [ 85.189467][ T5328] Modules linked in: [ 85.191415][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.196247][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.201566][ T5328] RIP: 0010:ieee80211_tx_skb_tid+0x3b4/0x470 [ 85.204301][ T5328] Code: 07 76 f6 e9 b1 fe ff ff e8 09 e4 99 f6 90 0f 0b 90 e9 e2 fe ff ff e8 fb e3 99 f6 90 0f 0b 90 e9 2a fe ff ff e8 ed e3 99 f6 90 <0f> 0b 90 e8 54 cc fd ff 31 ff 48 8b 34 24 ba 02 00 00 00 48 83 c4 [ 85.212912][ T5328] RSP: 0018:ffffc9000db57478 EFLAGS: 00010293 [ 85.215746][ T5328] RAX: ffffffff8b2bccb3 RBX: ffffffff8b2bc92f RCX: ffff888034afa4c0 [ 85.219883][ T5328] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 85.223746][ T5328] RBP: 00000000ffffffff R08: ffffffff8b2bc92f R09: ffffffff8e75e520 [ 85.227400][ T5328] R10: dffffc0000000000 R11: ffffed1008619bb6 R12: ffff88803cf24dc0 [ 85.231313][ T5328] R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000 [ 85.235870][ T5328] FS: 00007f96000ae6c0(0000) GS:ffff88808ca51000(0000) knlGS:0000000000000000 [ 85.239866][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.242853][ T5328] CR2: 00007f96000adff8 CR3: 0000000042b59000 CR4: 0000000000352ef0 [ 85.246874][ T5328] Call Trace: [ 85.249201][ T5328] [ 85.251156][ T5328] mesh_plink_frame_tx+0x748/0xc20 [ 85.253733][ T5328] ? __pfx_mesh_plink_frame_tx+0x10/0x10 [ 85.256223][ T5328] ? 
ieee80211_mps_set_sta_local_pm+0xb1/0x310 [ 85.259087][ T5328] mesh_plink_deactivate+0x18e/0x2f0 [ 85.261860][ T5328] mesh_sta_cleanup+0x42/0x150 [ 85.264494][ T5328] cleanup_single_sta+0x40f/0x660 [ 85.267073][ T5328] __sta_info_flush+0x5f1/0x720 [ 85.269186][ T5328] ? __pfx___sta_info_flush+0x10/0x10 [ 85.271515][ T5328] ieee80211_do_stop+0x3ca/0x2010 [ 85.273512][ T5328] ? __mutex_lock+0x319/0x1300 [ 85.275543][ T5328] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 85.278316][ T5328] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 85.282146][ T5328] ieee80211_stop+0x1b1/0x240 [ 85.285237][ T5328] ? __pfx_ieee80211_stop+0x10/0x10 [ 85.288141][ T5328] __dev_close_many+0x368/0x6d0 [ 85.290403][ T5328] ? __pfx___dev_close_many+0x10/0x10 [ 85.293207][ T5328] ? __dev_change_flags+0x1b0/0x690 [ 85.296183][ T5328] __dev_change_flags+0x2cb/0x690 [ 85.298496][ T5328] ? qrtr_ioctl+0x3ae/0x460 [ 85.300349][ T5328] ? __pfx___dev_change_flags+0x10/0x10 [ 85.302778][ T5328] ? qrtr_ioctl+0x3ae/0x460 [ 85.304898][ T5328] ? full_name_hash+0x92/0xe0 [ 85.307350][ T5328] netif_change_flags+0x88/0x1a0 [ 85.310631][ T5328] dev_change_flags+0x130/0x260 [ 85.313024][ T5328] dev_ioctl+0x7b4/0x1150 [ 85.315046][ T5328] sock_do_ioctl+0x23e/0x320 [ 85.317205][ T5328] ? __pfx_sock_do_ioctl+0x10/0x10 [ 85.319480][ T5328] ? do_futex+0x333/0x420 [ 85.321672][ T5328] sock_ioctl+0x5c6/0x7f0 [ 85.324410][ T5328] ? __pfx_sock_ioctl+0x10/0x10 [ 85.327267][ T5328] ? __fget_files+0x2a/0x420 [ 85.329358][ T5328] ? __fget_files+0x3a0/0x420 [ 85.331435][ T5328] ? __fget_files+0x2a/0x420 [ 85.333277][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.335390][ T5328] ? __pfx_sock_ioctl+0x10/0x10 [ 85.337475][ T5328] __se_sys_ioctl+0xfc/0x170 [ 85.340162][ T5328] do_syscall_64+0x14d/0xf80 [ 85.342950][ T5328] ? trace_irq_disable+0x3b/0x150 [ 85.345348][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.348096][ T5328] ? 
clear_bhb_loop+0x40/0x90 [ 85.350292][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.353259][ T5328] RIP: 0033:0x7f95ff19c799 [ 85.355062][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.365597][ T5328] RSP: 002b:00007f96000adfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.370029][ T5328] RAX: ffffffffffffffda RBX: 00007f95ff416090 RCX: 00007f95ff19c799 [ 85.373351][ T5328] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 85.376318][ T5328] RBP: 00007f95ff232c99 R08: 0000000000000000 R09: 0000000000000000 [ 85.379914][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.383658][ T5328] R13: 00007f95ff416128 R14: 00007f95ff416090 R15: 00007fff5e6e24b8 [ 85.387303][ T5328] [ 85.388714][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.391940][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.395701][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.401169][ T5328] Call Trace: [ 85.402684][ T5328] [ 85.403991][ T5328] vpanic+0x56c/0xa60 [ 85.405729][ T5328] ? __pfx__printk+0x10/0x10 [ 85.407775][ T5328] ? __pfx_vpanic+0x10/0x10 [ 85.409711][ T5328] ? is_bpf_text_address+0x292/0x2b0 [ 85.412089][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 85.414503][ T5328] panic+0xc5/0xd0 [ 85.416225][ T5328] ? __pfx_panic+0x10/0x10 [ 85.418296][ T5328] __warn+0x315/0x4f0 [ 85.420236][ T5328] ? ieee80211_tx_skb_tid+0x3b4/0x470 [ 85.423015][ T5328] ? ieee80211_tx_skb_tid+0x3b4/0x470 [ 85.425936][ T5328] __report_bug+0x29a/0x540 [ 85.428220][ T5328] ? ieee80211_tx_skb_tid+0x3b4/0x470 [ 85.430409][ T5328] ? __pfx___report_bug+0x10/0x10 [ 85.432450][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 85.434317][ T5328] ? 
ieee80211_tx_skb_tid+0x3b4/0x470 [ 85.436578][ T5328] report_bug+0x16a/0x220 [ 85.438738][ T5328] ? ieee80211_tx_skb_tid+0x3b4/0x470 [ 85.441112][ T5328] ? ieee80211_tx_skb_tid+0x3b6/0x470 [ 85.443164][ T5328] handle_bug+0x9c/0x200 [ 85.445060][ T5328] exc_invalid_op+0x1a/0x50 [ 85.447120][ T5328] asm_exc_invalid_op+0x1a/0x20 [ 85.449245][ T5328] RIP: 0010:ieee80211_tx_skb_tid+0x3b4/0x470 [ 85.451834][ T5328] Code: 07 76 f6 e9 b1 fe ff ff e8 09 e4 99 f6 90 0f 0b 90 e9 e2 fe ff ff e8 fb e3 99 f6 90 0f 0b 90 e9 2a fe ff ff e8 ed e3 99 f6 90 <0f> 0b 90 e8 54 cc fd ff 31 ff 48 8b 34 24 ba 02 00 00 00 48 83 c4 [ 85.460362][ T5328] RSP: 0018:ffffc9000db57478 EFLAGS: 00010293 [ 85.463224][ T5328] RAX: ffffffff8b2bccb3 RBX: ffffffff8b2bc92f RCX: ffff888034afa4c0 [ 85.466890][ T5328] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 85.470574][ T5328] RBP: 00000000ffffffff R08: ffffffff8b2bc92f R09: ffffffff8e75e520 [ 85.474199][ T5328] R10: dffffc0000000000 R11: ffffed1008619bb6 R12: ffff88803cf24dc0 [ 85.478802][ T5328] R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000 [ 85.482596][ T5328] ? ieee80211_tx_skb_tid+0x2f/0x470 [ 85.484801][ T5328] ? ieee80211_tx_skb_tid+0x2f/0x470 [ 85.487289][ T5328] ? ieee80211_tx_skb_tid+0x3b3/0x470 [ 85.489389][ T5328] ? ieee80211_tx_skb_tid+0x3b3/0x470 [ 85.491456][ T5328] mesh_plink_frame_tx+0x748/0xc20 [ 85.493736][ T5328] ? __pfx_mesh_plink_frame_tx+0x10/0x10 [ 85.496402][ T5328] ? ieee80211_mps_set_sta_local_pm+0xb1/0x310 [ 85.499745][ T5328] mesh_plink_deactivate+0x18e/0x2f0 [ 85.502219][ T5328] mesh_sta_cleanup+0x42/0x150 [ 85.504375][ T5328] cleanup_single_sta+0x40f/0x660 [ 85.506722][ T5328] __sta_info_flush+0x5f1/0x720 [ 85.508955][ T5328] ? __pfx___sta_info_flush+0x10/0x10 [ 85.512183][ T5328] ieee80211_do_stop+0x3ca/0x2010 [ 85.514876][ T5328] ? __mutex_lock+0x319/0x1300 [ 85.517243][ T5328] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 85.519775][ T5328] ? 
_raw_spin_unlock_irqrestore+0x30/0x80 [ 85.522327][ T5328] ieee80211_stop+0x1b1/0x240 [ 85.524517][ T5328] ? __pfx_ieee80211_stop+0x10/0x10 [ 85.526957][ T5328] __dev_close_many+0x368/0x6d0 [ 85.529205][ T5328] ? __pfx___dev_close_many+0x10/0x10 [ 85.531684][ T5328] ? __dev_change_flags+0x1b0/0x690 [ 85.534079][ T5328] __dev_change_flags+0x2cb/0x690 [ 85.536544][ T5328] ? qrtr_ioctl+0x3ae/0x460 [ 85.539591][ T5328] ? __pfx___dev_change_flags+0x10/0x10 [ 85.542934][ T5328] ? qrtr_ioctl+0x3ae/0x460 [ 85.545038][ T5328] ? full_name_hash+0x92/0xe0 [ 85.547358][ T5328] netif_change_flags+0x88/0x1a0 [ 85.550075][ T5328] dev_change_flags+0x130/0x260 [ 85.552507][ T5328] dev_ioctl+0x7b4/0x1150 [ 85.554652][ T5328] sock_do_ioctl+0x23e/0x320 [ 85.557144][ T5328] ? __pfx_sock_do_ioctl+0x10/0x10 [ 85.560004][ T5328] ? do_futex+0x333/0x420 [ 85.562288][ T5328] sock_ioctl+0x5c6/0x7f0 [ 85.564506][ T5328] ? __pfx_sock_ioctl+0x10/0x10 [ 85.566729][ T5328] ? __fget_files+0x2a/0x420 [ 85.568959][ T5328] ? __fget_files+0x3a0/0x420 [ 85.571462][ T5328] ? __fget_files+0x2a/0x420 [ 85.574100][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.576604][ T5328] ? __pfx_sock_ioctl+0x10/0x10 [ 85.579024][ T5328] __se_sys_ioctl+0xfc/0x170 [ 85.581162][ T5328] do_syscall_64+0x14d/0xf80 [ 85.583149][ T5328] ? trace_irq_disable+0x3b/0x150 [ 85.585236][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.588143][ T5328] ? 
clear_bhb_loop+0x40/0x90 [ 85.590827][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.593686][ T5328] RIP: 0033:0x7f95ff19c799 [ 85.595653][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.604382][ T5328] RSP: 002b:00007f96000adfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.608804][ T5328] RAX: ffffffffffffffda RBX: 00007f95ff416090 RCX: 00007f95ff19c799 [ 85.612737][ T5328] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000004 [ 85.616110][ T5328] RBP: 00007f95ff232c99 R08: 0000000000000000 R09: 0000000000000000 [ 85.619652][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.623712][ T5328] R13: 00007f95ff416128 R14: 00007f95ff416090 R15: 00007fff5e6e24b8 [ 85.627705][ T5328] [ 85.629573][ T5328] Kernel Offset: disabled [ 85.631605][ T5328] Rebooting in 86400 seconds..