program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x21eae}}, 0x20}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r3)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)

[ 85.731539][ T5297] Bluetooth: hci0: command tx timeout
[ 85.832595][ T5322] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[ 85.853374][ T5322] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 85.876550][ T5322] bridge_slave_0: left allmulticast mode
[ 85.880391][ T5322] bridge_slave_0: left promiscuous mode
[ 85.884050][ T5322] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.894791][ T5322] bridge_slave_1: left allmulticast mode
[ 85.898488][ T5322] bridge_slave_1: left promiscuous mode
[ 85.904560][ T5322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.914385][ T5322] bond0: (slave bond_slave_0): Releasing backup interface
[ 85.925056][ T5323] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 85.934762][ T5322] bond0: (slave bond_slave_1): Releasing backup interface
[ 85.946465][ T5322] team0: Port device team_slave_0 removed
[ 85.955163][ T5322] team0: Port device team_slave_1 removed
[ 85.959453][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 85.964477][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 85.969631][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 85.974417][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 85.984559][ T5322] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 85.994540][ T5327] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 86.006113][ T5323] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[ 86.016473][ T5323] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.024753][ T5323] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 86.036926][ T5327] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.046589][ T5327] team0: Port device bond0 added
[ 86.082507][ T9] Oops: general protection fault, probably for non-canonical address 0xe000080fee63d977: 0000 [#1] SMP KASAN NOPTI
[ 86.089282][ T9] KASAN: probably user-memory-access in range [0x0000607f731ecbb8-0x0000607f731ecbbf]
[ 86.094188][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.098643][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.102987][ T9] Workqueue: mld mld_ifc_work
[ 86.107670][ T9] RIP: 0010:bond_header_create+0x150/0x300
[ 86.110624][ T9] Code: e8 25 bd 59 fb 45 85 f6 0f 84 a5 00 00 00 e8 d7 b8 59 fb eb 05 e8 d0 b8 59 fb 48 85 ed 0f 84 89 00 00 00 48 89 e8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 ef e8 71 81 c5 fb 48 8b 6d 00 4c 8d 75
[ 86.120007][ T9] RSP: 0018:ffffc9000022f600 EFLAGS: 00010206
[ 86.122984][ T9] RAX: 00000c0fee63d977 RBX: ffffffff866bf37b RCX: ffff88801b304980
[ 86.126997][ T9] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 86.131624][ T9] RBP: 0000607f731ecbb8 R08: ffffffff866bf37b R09: ffffffff8e75e420
[ 86.135276][ T9] R10: dffffc0000000000 R11: ffffffff866bf340 R12: 00000000000086dd
[ 86.138892][ T9] R13: ffff88803781a780 R14: 0000000000000001 R15: dffffc0000000000
[ 86.142802][ T9] FS: 0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[ 86.147680][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.150738][ T9] CR2: 00007f6aaf094fe8 CR3: 0000000044c9b000 CR4: 0000000000352ef0
[ 86.154421][ T9] Call Trace:
[ 86.156217][ T9]
[ 86.157801][ T9] ? __pfx_bond_header_create+0x10/0x10
[ 86.160699][ T9] neigh_connected_output+0x286/0x460
[ 86.163420][ T9] ip6_finish_output+0x2e5/0x740
[ 86.165785][ T9] ? ip6_output+0x126/0x550
[ 86.167925][ T9] ip6_output+0x340/0x550
[ 86.170058][ T9] ? __pfx_ip6_output+0x10/0x10
[ 86.172629][ T9] NF_HOOK+0x177/0x4f0
[ 86.174767][ T9] ? __pfx_NF_HOOK+0x10/0x10
[ 86.177141][ T9] ? __pfx_dst_output+0x10/0x10
[ 86.179531][ T9] ? lockdep_hardirqs_on+0x7a/0x110
[ 86.182005][ T9] ? __local_bh_enable_ip+0xd0/0x130
[ 86.184674][ T9] ? icmp6_dst_alloc+0x3a6/0x440
[ 86.187315][ T9] mld_sendpack+0x8b4/0xe40
[ 86.189713][ T9] ? look_up_lock_class+0x57/0x110
[ 86.192045][ T9] ? mld_sendpack+0x213/0xe40
[ 86.194168][ T9] ? __pfx_mld_sendpack+0x10/0x10
[ 86.196686][ T9] mld_ifc_work+0x835/0xe70
[ 86.199130][ T9] ? process_scheduled_works+0xa25/0x1830
[ 86.202160][ T9] process_scheduled_works+0xb02/0x1830
[ 86.204814][ T9] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.207561][ T9] ? assign_work+0x3d5/0x5e0
[ 86.210032][ T9] worker_thread+0xa50/0xfc0
[ 86.212508][ T9] kthread+0x388/0x470
[ 86.214828][ T9] ? __pfx_worker_thread+0x10/0x10
[ 86.217164][ T9] ? __pfx_kthread+0x10/0x10
[ 86.219087][ T9] ret_from_fork+0x51e/0xb90
[ 86.221117][ T9] ? __pfx_ret_from_fork+0x10/0x10
[ 86.223596][ T9] ? __switch_to+0xc7d/0x1450
[ 86.225862][ T9] ? __pfx_kthread+0x10/0x10
[ 86.228370][ T9] ret_from_fork_asm+0x1a/0x30
[ 86.230568][ T9]
[ 86.231972][ T9] Modules linked in:
[ 86.234367][ T9] ---[ end trace 0000000000000000 ]---