program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x21eae}}, 0x20}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r3)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)

[ 102.670202][ T45] Bluetooth: hci0: command tx timeout
[ 102.776382][ T5327] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[ 102.811428][ T5327] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 102.857966][ T5327] bridge_slave_0: left allmulticast mode
[ 102.870620][ T5327] bridge_slave_0: left promiscuous mode
[ 102.873876][ T5327] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.887780][ T5327] bridge_slave_1: left allmulticast mode
[ 102.896119][ T5327] bridge_slave_1: left promiscuous mode
[ 102.899391][ T5327] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.920879][ T5328] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 102.928359][ T5327] bond0: (slave bond_slave_0): Releasing backup interface
[ 102.955070][ T5327] bond0: (slave bond_slave_1): Releasing backup interface
[ 102.968914][ T5327] team0: Port device team_slave_0 removed
[ 102.974229][ T5331] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 102.985594][ T5327] team0: Port device team_slave_1 removed
[ 102.989326][ T5327] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 102.993462][ T5327] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 102.998813][ T5327] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 103.005191][ T5327] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 103.013641][ T5327] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 103.022713][ T5328] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[ 103.042594][ T5328] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.060824][ T5328] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 103.082735][ T5331] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.096228][ T5331] team0: Port device bond0 added
[ 103.121783][ T10] Oops: general protection fault, probably for non-canonical address 0xe000080fee63d973: 0000 [#1] SMP KASAN NOPTI
[ 103.127426][ T10] KASAN: probably user-memory-access in range [0x0000607f731ecb98-0x0000607f731ecb9f]
[ 103.132217][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full)
[ 103.137452][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 103.142239][ T10] Workqueue: mld mld_ifc_work
[ 103.144560][ T10] RIP: 0010:bond_header_create+0x150/0x300
[ 103.147598][ T10] Code: e8 25 bd 59 fb 45 85 f6 0f 84 a5 00 00 00 e8 d7 b8 59 fb eb 05 e8 d0 b8 59 fb 48 85 ed 0f 84 89 00 00 00 48 89 e8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 ef e8 71 81 c5 fb 48 8b 6d 00 4c 8d 75
[ 103.157988][ T10] RSP: 0018:ffffc9000023f600 EFLAGS: 00010202
[ 103.161178][ T10] RAX: 00000c0fee63d973 RBX: ffffffff866bf37b RCX: ffff88801caea4c0
[ 103.164992][ T10] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 103.169499][ T10] RBP: 0000607f731ecb98 R08: ffffffff866bf37b R09: ffffffff8e75e420
[ 103.173365][ T10] R10: dffffc0000000000 R11: ffffffff866bf340 R12: 00000000000086dd
[ 103.177177][ T10] R13: ffff88801ce983c0 R14: 0000000000000001 R15: dffffc0000000000
[ 103.180882][ T10] FS: 0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[ 103.185192][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 103.188576][ T10] CR2: 00007f491f1fffe8 CR3: 000000000e54c000 CR4: 0000000000352ef0
[ 103.192036][ T10] Call Trace:
[ 103.193553][ T10]
[ 103.194871][ T10] ? __pfx_bond_header_create+0x10/0x10
[ 103.197703][ T10] neigh_connected_output+0x286/0x460
[ 103.201074][ T10] ip6_finish_output+0x2e5/0x740
[ 103.203662][ T10] ? ip6_output+0x126/0x550
[ 103.205646][ T10] ip6_output+0x340/0x550
[ 103.207542][ T10] ? __pfx_ip6_output+0x10/0x10
[ 103.209667][ T10] NF_HOOK+0x177/0x4f0
[ 103.211846][ T10] ? __pfx_NF_HOOK+0x10/0x10
[ 103.214240][ T10] ? __pfx_dst_output+0x10/0x10
[ 103.216648][ T10] ? lockdep_hardirqs_on+0x7a/0x110
[ 103.219252][ T10] ? __local_bh_enable_ip+0xd0/0x130
[ 103.221933][ T10] ? icmp6_dst_alloc+0x3a6/0x440
[ 103.224259][ T10] mld_sendpack+0x8b4/0xe40
[ 103.226343][ T10] ? look_up_lock_class+0x57/0x110
[ 103.228938][ T10] ? mld_sendpack+0x213/0xe40
[ 103.231398][ T10] ? __pfx_mld_sendpack+0x10/0x10
[ 103.233945][ T10] mld_ifc_work+0x835/0xe70
[ 103.236234][ T10] ? process_scheduled_works+0xa25/0x1830
[ 103.238957][ T10] process_scheduled_works+0xb02/0x1830
[ 103.241531][ T10] ? __pfx_process_scheduled_works+0x10/0x10
[ 103.244508][ T10] ? assign_work+0x3d5/0x5e0
[ 103.247208][ T10] worker_thread+0xa50/0xfc0
[ 103.249961][ T10] kthread+0x388/0x470
[ 103.251982][ T10] ? __pfx_worker_thread+0x10/0x10
[ 103.254373][ T10] ? __pfx_kthread+0x10/0x10
[ 103.256551][ T10] ret_from_fork+0x51e/0xb90
[ 103.258663][ T10] ? __pfx_ret_from_fork+0x10/0x10
[ 103.260859][ T10] ? __switch_to+0xc7d/0x1450
[ 103.262974][ T10] ? __pfx_kthread+0x10/0x10
[ 103.265216][ T10] ret_from_fork_asm+0x1a/0x30
[ 103.267743][ T10]
[ 103.269403][ T10] Modules linked in:
[ 103.271786][ T10] ---[ end trace 0000000000000000 ]---