program:
# Triage summary (taken from the console log that follows this program):
#   - The kernel report is a WARNING at net/mac80211/rate.c:53 in
#     rate_control_rate_init, with the condition text "!chanctx_conf".
#   - The later "Kernel panic - not syncing" line states "panic_on_warn set",
#     so the panic and reboot come from that setting; the log shows no memory
#     fault or KASAN report.
#   - The faulting task is syz.0.0 (PID 5336, UID 0) inside sendmsg; the
#     trace runs nl80211_new_station -> rdev_add_station ->
#     ieee80211_add_station -> sta_apply_parameters -> sta_apply_auth_flags ->
#     rate_control_rate_init_all_links -> rate_control_rate_init.
# NOTE(review): r6, r9, r10, r11 and r14 are used below but never assigned in
# this text. Presumably the output bindings of the SIOCGIFINDEX ioctls and of
# socketpair were lost when the page was extracted. Recover the original
# reproducer before replaying or minimising this program.

# AF_INET6 (0xa) datagram (0x2) socket; only used by the SO_BINDTODEVICE call near the end.
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
# Filesystem setup: create ./bus, then open "." relative to the cwd (0xffffffffffffff9c is AT_FDCWD).
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
# r1 comes from creat(), so this openat is relative to a regular file; presumably it fails. Confirm.
r3 = openat(r1, &(0x7f0000000040)='.\x00', 0x0, 0x0)
# Rename ./bus to a fuzzer-generated byte string; no nl80211 call below takes its result.
renameat2(r2, &(0x7f0000000240)='./bus\x00', r3, &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
# First generic-netlink socket, with the nl80211 family id in r5 and an ifindex lookup for wlan0.
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Presumably this ioctl bound r6 in the original program. TODO confirm.
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
# Second generic-netlink socket (r7) with family id r8, then lookups for wlan0 and wlan1.
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
# Presumably these two ioctls bound r9 (wlan0) and r10 (wlan1). TODO confirm.
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0})
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000004c0)={'wlan1\x00', 0x0})
# This sendmsg targets r2, the fd openat returned for "." and not a netlink socket.
# It presumably fails before reaching nl80211. Verify when triaging.
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x34, r8, 0x0, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x6}, @broadcast, @broadcast}}]}, 0x34}}, 0x8000)
# Switch interface r9 to iftype 0x9 (NL80211_IFTYPE_P2P_GO in nl80211.h).
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
# START_AP on r9 with a raw, fuzzer-built attribute blob (ANY/ANYBLOB bypasses the typed description).
# Whether the kernel accepted it cannot be determined from this page.
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r8, @ANYBLOB="050026bd7000000000000ff6ffff07000300", @ANYRES32=r9, @ANYBLOB="640017800c0004000302f6f9176bfa3c050001001200000000000000050001000100000000000000050002000100000000000000050001000b000000000000000c000400dceeaf9096e0295f050001000300000000000000050002000b00000000000000080026006c090000080027000100000008000c006400000008000d0000000000"], 0xa0}}, 0x20000014)
# Presumably this socketpair bound r11 in the original program. TODO confirm.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff})
# Third generic-netlink socket (r12) with family id r13; this pair issues NEW_STATION below.
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
# Presumably this ioctl bound r14, the wlan0 ifindex used by NEW_STATION. TODO confirm.
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0})
mount$bind(&(0x7f0000000380)='./bus\x00', &(0x7f0000000400)='./bus/file0\x00', &(0x7f0000000440), 0x2000004, 0x0)
# The only NEW_STATION request in the program. The call trace in the log runs through
# nl80211_new_station, and the saved user RDX (0x4080) matches this call's flags argument,
# so this is the request that reaches the WARN in rate_control_rate_init.
# The supported-rates attribute is empty (length 0x4, header only).
# NOTE(review): the "!chanctx_conf" text suggests rate control was initialised for a
# station whose link had no channel context. Confirm against net/mac80211/rate.c
# for the kernel under test.
# NOTE(review): the "attribute type 3 has an invalid length" netlink message from the
# same task precedes the WARN in the log. Attributing it to this request is an inference.
sendmsg$NL80211_CMD_NEW_STATION(r12, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)={0x3c, r13, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x4080)
# Set interface r6 to iftype 0x3 (NL80211_IFTYPE_AP). This follows NEW_STATION in program
# order; the page does not show how the executor actually scheduled the calls.
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
# The remaining calls (SO_BINDTODEVICE, cgroup, bpf) touch none of the functions in the call trace.
# They are likely fuzzer noise that a minimised reproducer would drop. Verify by minimising.
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x3)
r15 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_pid(r15, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r16 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r17 = openat$cgroup_procs(r16, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r17, &(0x7f0000000140), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
[ 117.519324][ T4670] Bluetooth: hci0: command tx timeout
[ 117.619827][ T5336] netlink: 'syz.0.0': attribute type 3 has an invalid 
length. [ 117.628522][ T5336] ------------[ cut here ]------------ [ 117.630764][ T5336] !chanctx_conf [ 117.630774][ T5336] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.0.0/5336 [ 117.637728][ T5336] Modules linked in: [ 117.639632][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 117.643871][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 117.648575][ T5336] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 117.651169][ T5336] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 b2 c0 9c f6 90 0f 0b 90 eb e1 e8 a7 c0 9c f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 117.659785][ T5336] RSP: 0018:ffffc90003adefd8 EFLAGS: 00010283 [ 117.663055][ T5336] RAX: ffffffff8b291e09 RBX: ffff88801fb24000 RCX: 0000000000100000 [ 117.666992][ T5336] RDX: ffffc90020802000 RSI: 0000000000000497 RDI: 0000000000000498 [ 117.670276][ T5336] RBP: 0000000000000000 R08: ffffffff8b291923 R09: ffffffff8e95cce0 [ 117.673723][ T5336] R10: dffffc0000000000 R11: ffffed1003f64831 R12: 1ffff11003f6480a [ 117.677060][ T5336] R13: ffff888042ba0f20 R14: 0000000000000001 R15: ffffffff8b291923 [ 117.681653][ T5336] FS: 00007f01d29f66c0(0000) GS:ffff88808c81a000(0000) knlGS:0000000000000000 [ 117.685576][ T5336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.688132][ T5336] CR2: 00007f01d1b87980 CR3: 000000003daec000 CR4: 0000000000352ef0 [ 117.691271][ T5336] Call Trace: [ 117.692960][ T5336] [ 117.694158][ T5336] rate_control_rate_init_all_links+0x109/0x1a0 [ 117.696776][ T5336] sta_apply_auth_flags+0x1c2/0x400 [ 117.698961][ T5336] sta_apply_parameters+0x1098/0x18a0 [ 117.701367][ T5336] ieee80211_add_station+0x3e6/0x710 [ 117.704051][ T5336] rdev_add_station+0xfc/0x290 [ 117.706350][ T5336] nl80211_new_station+0x1cab/0x2130 [ 117.708755][ T5336] ? 
__pfx_nl80211_new_station+0x10/0x10 [ 117.711142][ T5336] ? __rtnl_unlock+0xc8/0xf0 [ 117.713455][ T5336] genl_family_rcv_msg_doit+0x22a/0x330 [ 117.716154][ T5336] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 117.719319][ T5336] ? bpf_lsm_capable+0x9/0x20 [ 117.721756][ T5336] ? security_capable+0x7e/0x2c0 [ 117.724100][ T5336] genl_rcv_msg+0x61c/0x7a0 [ 117.725991][ T5336] ? __pfx_genl_rcv_msg+0x10/0x10 [ 117.727930][ T5336] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 117.730086][ T5336] ? __pfx_nl80211_new_station+0x10/0x10 [ 117.733036][ T5336] ? __pfx_nl80211_post_doit+0x10/0x10 [ 117.735663][ T5336] ? __pfx_ref_tracker_free+0x10/0x10 [ 117.738350][ T5336] ? __asan_memcpy+0x40/0x70 [ 117.740659][ T5336] ? __skb_clone+0x63/0x7a0 [ 117.743058][ T5336] netlink_rcv_skb+0x232/0x4b0 [ 117.745208][ T5336] ? __pfx_genl_rcv_msg+0x10/0x10 [ 117.747429][ T5336] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 117.749797][ T5336] ? down_read+0x270/0x2e0 [ 117.751909][ T5336] ? genl_rcv+0xd/0x40 [ 117.753781][ T5336] genl_rcv+0x28/0x40 [ 117.755478][ T5336] netlink_unicast+0x75c/0x8e0 [ 117.757696][ T5336] netlink_sendmsg+0x813/0xb40 [ 117.760284][ T5336] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.763392][ T5336] ? aa_sock_msg_perm+0xf1/0x1b0 [ 117.765676][ T5336] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 117.768195][ T5336] ____sys_sendmsg+0x972/0x9f0 [ 117.770276][ T5336] ? __might_fault+0xaf/0x130 [ 117.772182][ T5336] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.774249][ T5336] ? import_iovec+0x73/0xa0 [ 117.775939][ T5336] ___sys_sendmsg+0x2a5/0x360 [ 117.778051][ T5336] ? __lock_acquire+0x6b5/0x2cf0 [ 117.780456][ T5336] ? __pfx____sys_sendmsg+0x10/0x10 [ 117.783410][ T5336] ? futex_wake+0x4ac/0x580 [ 117.785879][ T5336] ? __fget_files+0x2a/0x420 [ 117.788101][ T5336] ? __fget_files+0x3a0/0x420 [ 117.790271][ T5336] __x64_sys_sendmsg+0x1bd/0x2a0 [ 117.793884][ T5336] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 117.796272][ T5336] ? rcu_is_watching+0x15/0xb0 [ 117.798468][ T5336] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.801282][ T5336] do_syscall_64+0x15f/0xf80 [ 117.803652][ T5336] ? clear_bhb_loop+0x40/0x90 [ 117.806139][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.809188][ T5336] RIP: 0033:0x7f01d1b9c819 [ 117.811257][ T5336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.819722][ T5336] RSP: 002b:00007f01d29f5fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.823623][ T5336] RAX: ffffffffffffffda RBX: 00007f01d1e15fa0 RCX: 00007f01d1b9c819 [ 117.827176][ T5336] RDX: 0000000000004080 RSI: 0000200000001080 RDI: 000000000000000a [ 117.831219][ T5336] RBP: 00007f01d1c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 117.835213][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.838690][ T5336] R13: 00007f01d1e16038 R14: 00007f01d1e15fa0 R15: 00007ffdd17f7758 [ 117.842284][ T5336] [ 117.843789][ T5336] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 117.846949][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 117.851158][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 117.855864][ T5336] Call Trace: [ 117.857532][ T5336] [ 117.858931][ T5336] vpanic+0x56c/0xa60 [ 117.861054][ T5336] ? __pfx__printk+0x10/0x10 [ 117.863246][ T5336] ? __pfx_vpanic+0x10/0x10 [ 117.865080][ T5336] ? is_bpf_text_address+0x292/0x2b0 [ 117.867093][ T5336] ? is_bpf_text_address+0x26/0x2b0 [ 117.869305][ T5336] panic+0xc5/0xd0 [ 117.871054][ T5336] ? __pfx_panic+0x10/0x10 [ 117.873431][ T5336] __warn+0x315/0x4c0 [ 117.875598][ T5336] ? rate_control_rate_init+0x64a/0x6e0 [ 117.878314][ T5336] ? rate_control_rate_init+0x64a/0x6e0 [ 117.880844][ T5336] __report_bug+0x29a/0x540 [ 117.883099][ T5336] ? rate_control_rate_init+0x64a/0x6e0 [ 117.885809][ T5336] ? 
__pfx___report_bug+0x10/0x10 [ 117.888183][ T5336] ? __lock_acquire+0x6b5/0x2cf0 [ 117.890667][ T5336] ? __lock_acquire+0x6b5/0x2cf0 [ 117.893128][ T5336] ? rate_control_rate_init+0x64a/0x6e0 [ 117.895776][ T5336] report_bug+0x16a/0x220 [ 117.897666][ T5336] ? rate_control_rate_init+0x64a/0x6e0 [ 117.899938][ T5336] ? rate_control_rate_init+0x64c/0x6e0 [ 117.902359][ T5336] handle_bug+0x9c/0x200 [ 117.904372][ T5336] exc_invalid_op+0x1a/0x50 [ 117.906430][ T5336] asm_exc_invalid_op+0x1a/0x20 [ 117.908581][ T5336] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 117.911615][ T5336] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 b2 c0 9c f6 90 0f 0b 90 eb e1 e8 a7 c0 9c f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 117.919709][ T5336] RSP: 0018:ffffc90003adefd8 EFLAGS: 00010283 [ 117.922221][ T5336] RAX: ffffffff8b291e09 RBX: ffff88801fb24000 RCX: 0000000000100000 [ 117.925738][ T5336] RDX: ffffc90020802000 RSI: 0000000000000497 RDI: 0000000000000498 [ 117.929276][ T5336] RBP: 0000000000000000 R08: ffffffff8b291923 R09: ffffffff8e95cce0 [ 117.932887][ T5336] R10: dffffc0000000000 R11: ffffed1003f64831 R12: 1ffff11003f6480a [ 117.935963][ T5336] R13: ffff888042ba0f20 R14: 0000000000000001 R15: ffffffff8b291923 [ 117.938867][ T5336] ? rate_control_rate_init+0x163/0x6e0 [ 117.940994][ T5336] ? rate_control_rate_init+0x163/0x6e0 [ 117.943377][ T5336] ? rate_control_rate_init+0x649/0x6e0 [ 117.945634][ T5336] ? rate_control_rate_init+0x649/0x6e0 [ 117.948156][ T5336] rate_control_rate_init_all_links+0x109/0x1a0 [ 117.952265][ T5336] sta_apply_auth_flags+0x1c2/0x400 [ 117.954903][ T5336] sta_apply_parameters+0x1098/0x18a0 [ 117.957417][ T5336] ieee80211_add_station+0x3e6/0x710 [ 117.959816][ T5336] rdev_add_station+0xfc/0x290 [ 117.962016][ T5336] nl80211_new_station+0x1cab/0x2130 [ 117.964544][ T5336] ? __pfx_nl80211_new_station+0x10/0x10 [ 117.967254][ T5336] ? 
__rtnl_unlock+0xc8/0xf0 [ 117.969587][ T5336] genl_family_rcv_msg_doit+0x22a/0x330 [ 117.972399][ T5336] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 117.975166][ T5336] ? bpf_lsm_capable+0x9/0x20 [ 117.977245][ T5336] ? security_capable+0x7e/0x2c0 [ 117.979585][ T5336] genl_rcv_msg+0x61c/0x7a0 [ 117.981711][ T5336] ? __pfx_genl_rcv_msg+0x10/0x10 [ 117.984016][ T5336] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 117.986252][ T5336] ? __pfx_nl80211_new_station+0x10/0x10 [ 117.988738][ T5336] ? __pfx_nl80211_post_doit+0x10/0x10 [ 117.991514][ T5336] ? __pfx_ref_tracker_free+0x10/0x10 [ 117.994458][ T5336] ? __asan_memcpy+0x40/0x70 [ 117.996892][ T5336] ? __skb_clone+0x63/0x7a0 [ 117.999059][ T5336] netlink_rcv_skb+0x232/0x4b0 [ 118.001058][ T5336] ? __pfx_genl_rcv_msg+0x10/0x10 [ 118.003265][ T5336] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 118.005437][ T5336] ? down_read+0x270/0x2e0 [ 118.007217][ T5336] ? genl_rcv+0xd/0x40 [ 118.008834][ T5336] genl_rcv+0x28/0x40 [ 118.010292][ T5336] netlink_unicast+0x75c/0x8e0 [ 118.012025][ T5336] netlink_sendmsg+0x813/0xb40 [ 118.013914][ T5336] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.016177][ T5336] ? aa_sock_msg_perm+0xf1/0x1b0 [ 118.018083][ T5336] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 118.020365][ T5336] ____sys_sendmsg+0x972/0x9f0 [ 118.022245][ T5336] ? __might_fault+0xaf/0x130 [ 118.024128][ T5336] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.026325][ T5336] ? import_iovec+0x73/0xa0 [ 118.028167][ T5336] ___sys_sendmsg+0x2a5/0x360 [ 118.030098][ T5336] ? __lock_acquire+0x6b5/0x2cf0 [ 118.032093][ T5336] ? __pfx____sys_sendmsg+0x10/0x10 [ 118.034089][ T5336] ? futex_wake+0x4ac/0x580 [ 118.036271][ T5336] ? __fget_files+0x2a/0x420 [ 118.038768][ T5336] ? __fget_files+0x3a0/0x420 [ 118.041126][ T5336] __x64_sys_sendmsg+0x1bd/0x2a0 [ 118.043442][ T5336] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 118.046013][ T5336] ? rcu_is_watching+0x15/0xb0 [ 118.048218][ T5336] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.050673][ T5336] do_syscall_64+0x15f/0xf80 [ 118.052466][ T5336] ? clear_bhb_loop+0x40/0x90 [ 118.054300][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.056629][ T5336] RIP: 0033:0x7f01d1b9c819 [ 118.058738][ T5336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.067161][ T5336] RSP: 002b:00007f01d29f5fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 118.070354][ T5336] RAX: ffffffffffffffda RBX: 00007f01d1e15fa0 RCX: 00007f01d1b9c819 [ 118.073480][ T5336] RDX: 0000000000004080 RSI: 0000200000001080 RDI: 000000000000000a [ 118.076709][ T5336] RBP: 00007f01d1c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 118.079759][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.083040][ T5336] R13: 00007f01d1e16038 R14: 00007f01d1e15fa0 R15: 00007ffdd17f7758 [ 118.086297][ T5336] [ 118.088053][ T5336] Kernel Offset: disabled [ 118.090258][ T5336] Rebooting in 86400 seconds..