program: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'dummy0\x00', <r1=>0x0}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @remote}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xc}, {0xfff3, 0x8}}}, 0x24}}, 0x20040000) [ 68.104082][ T5301] Bluetooth: hci0: command tx timeout [ 68.117621][ T5316] dummy0: entered promiscuous mode [ 68.125583][ T5316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 68.164267][ T5316] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 [ 68.168240][ T5316] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5316, name: syz.0.0 [ 68.172214][ T5316] preempt_count: 0, expected: 0 [ 68.175791][ T5316] RCU nest depth: 1, expected: 0 [ 68.178041][ T5316] 2 locks held by syz.0.0/5316: [ 68.180586][ T5316] #0: ffffffff8f505988 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x331/0x710 [ 68.185272][ T5316] #1: ffffffff8e13ccc0 (rcu_read_lock){....}-{1:3}, at: packet_notifier+0x78/0xa60 [ 68.189440][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 68.189455][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.189462][ T5316] Call Trace: [ 68.189470][ T5316] [ 68.189475][ T5316] dump_stack_lvl+0x189/0x250 [ 68.189500][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.189527][ T5316] ? print_lock_name+0xde/0x100 [ 68.189543][ T5316] __might_resched+0x495/0x610 [ 68.189563][ T5316] ? __pfx___might_resched+0x10/0x10 [ 68.189581][ T5316] ? call_rcu+0x6dd/0x990 [ 68.189595][ T5316] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.189615][ T5316] __mutex_lock+0x106/0xe80 [ 68.189635][ T5316] ? 
__pfx_call_rcu+0x10/0x10 [ 68.189652][ T5316] ? dev_set_promiscuity+0x10e/0x260 [ 68.189672][ T5316] ? __pfx___mutex_lock+0x10/0x10 [ 68.189695][ T5316] ? packet_notifier+0x78/0xa60 [ 68.189712][ T5316] ? __pfx_addrconf_ifdown+0x10/0x10 [ 68.189728][ T5316] dev_set_promiscuity+0x10e/0x260 [ 68.189747][ T5316] packet_notifier+0x292/0xa60 [ 68.189764][ T5316] ? packet_notifier+0x78/0xa60 [ 68.189778][ T5316] notifier_call_chain+0x1b3/0x3e0 [ 68.189798][ T5316] unregister_netdevice_many_notify+0x15d8/0x2330 [ 68.189820][ T5316] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 68.189834][ T5316] ? rtnl_dellink+0x331/0x710 [ 68.189852][ T5316] ? unregister_netdevice_queue+0x1b3/0x380 [ 68.189869][ T5316] ? __nla_parse+0x40/0x60 [ 68.189927][ T5316] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 68.189938][ T5316] rtnl_dellink+0x488/0x710 [ 68.189956][ T5316] ? __pfx_rtnl_dellink+0x10/0x10 [ 68.190026][ T5316] ? __pfx_rtnl_dellink+0x10/0x10 [ 68.190039][ T5316] rtnetlink_rcv_msg+0x7cf/0xb70 [ 68.190056][ T5316] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 68.190070][ T5316] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.190084][ T5316] ? ref_tracker_free+0x63a/0x7d0 [ 68.190096][ T5316] ? __copy_skb_header+0xa7/0x550 [ 68.190111][ T5316] netlink_rcv_skb+0x21c/0x490 [ 68.190126][ T5316] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.190140][ T5316] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 68.190166][ T5316] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.190180][ T5316] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.190197][ T5316] netlink_unicast+0x758/0x8d0 [ 68.190217][ T5316] netlink_sendmsg+0x805/0xb30 [ 68.190238][ T5316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.190255][ T5316] ? aa_sock_msg_perm+0x94/0x160 [ 68.190269][ T5316] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 68.190280][ T5316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.190296][ T5316] __sock_sendmsg+0x219/0x270 [ 68.190311][ T5316] ____sys_sendmsg+0x505/0x830 [ 68.190353][ T5316] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.190370][ T5316] ? 
import_iovec+0x74/0xa0 [ 68.190385][ T5316] ___sys_sendmsg+0x21f/0x2a0 [ 68.190399][ T5316] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.190434][ T5316] ? __fget_files+0x2a/0x420 [ 68.190447][ T5316] ? __fget_files+0x3a0/0x420 [ 68.190466][ T5316] __x64_sys_sendmsg+0x19b/0x260 [ 68.190498][ T5316] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 68.190523][ T5316] ? rcu_is_watching+0x15/0xb0 [ 68.190542][ T5316] ? do_syscall_64+0xbe/0x3b0 [ 68.190561][ T5316] do_syscall_64+0xfa/0x3b0 [ 68.190575][ T5316] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.190588][ T5316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.190599][ T5316] ? clear_bhb_loop+0x60/0xb0 [ 68.190612][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.190622][ T5316] RIP: 0033:0x7fbe9e98e969 [ 68.190633][ T5316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.190641][ T5316] RSP: 002b:00007fbe9f8da038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 68.190652][ T5316] RAX: ffffffffffffffda RBX: 00007fbe9ebb5fa0 RCX: 00007fbe9e98e969 [ 68.190659][ T5316] RDX: 0000000020040000 RSI: 00002000000003c0 RDI: 0000000000000005 [ 68.190665][ T5316] RBP: 00007fbe9ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 68.190671][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.190678][ T5316] R13: 0000000000000000 R14: 00007fbe9ebb5fa0 R15: 00007fffcf7dedb8 [ 68.190696][ T5316] [ 68.190794][ T5316] [ 68.363240][ T5316] ============================= [ 68.365350][ T5316] [ BUG: Invalid wait context ] [ 68.367320][ T5316] 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 Tainted: G W [ 68.370794][ T5316] ----------------------------- [ 68.372887][ T5316] syz.0.0/5316 is trying to lock: [ 68.375057][ T5316] ffff888052046d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: dev_set_promiscuity+0x10e/0x260 [ 68.379418][ T5316] other info that might help us debug this: [ 
68.381934][ T5316] context-{5:5} [ 68.383514][ T5316] 2 locks held by syz.0.0/5316: [ 68.385652][ T5316] #0: ffffffff8f505988 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x331/0x710 [ 68.389667][ T5316] #1: ffffffff8e13ccc0 (rcu_read_lock){....}-{1:3}, at: packet_notifier+0x78/0xa60 [ 68.393754][ T5316] stack backtrace: [ 68.395324][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Tainted: G W 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 68.395340][ T5316] Tainted: [W]=WARN [ 68.395344][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.395350][ T5316] Call Trace: [ 68.395357][ T5316] [ 68.395363][ T5316] dump_stack_lvl+0x189/0x250 [ 68.395383][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.395396][ T5316] ? __pfx__printk+0x10/0x10 [ 68.395406][ T5316] ? print_lock_name+0xde/0x100 [ 68.395417][ T5316] __lock_acquire+0xbcb/0xd20 [ 68.395432][ T5316] ? dev_set_promiscuity+0x10e/0x260 [ 68.395445][ T5316] lock_acquire+0x120/0x360 [ 68.395456][ T5316] ? dev_set_promiscuity+0x10e/0x260 [ 68.395468][ T5316] ? call_rcu+0x6dd/0x990 [ 68.395484][ T5316] __mutex_lock+0x182/0xe80 [ 68.395499][ T5316] ? dev_set_promiscuity+0x10e/0x260 [ 68.395513][ T5316] ? __pfx_call_rcu+0x10/0x10 [ 68.395528][ T5316] ? dev_set_promiscuity+0x10e/0x260 [ 68.395542][ T5316] ? __pfx___mutex_lock+0x10/0x10 [ 68.395560][ T5316] ? packet_notifier+0x78/0xa60 [ 68.395573][ T5316] ? __pfx_addrconf_ifdown+0x10/0x10 [ 68.395585][ T5316] dev_set_promiscuity+0x10e/0x260 [ 68.395602][ T5316] packet_notifier+0x292/0xa60 [ 68.395615][ T5316] ? packet_notifier+0x78/0xa60 [ 68.395626][ T5316] notifier_call_chain+0x1b3/0x3e0 [ 68.395641][ T5316] unregister_netdevice_many_notify+0x15d8/0x2330 [ 68.395654][ T5316] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 68.395666][ T5316] ? rtnl_dellink+0x331/0x710 [ 68.395681][ T5316] ? unregister_netdevice_queue+0x1b3/0x380 [ 68.395696][ T5316] ? __nla_parse+0x40/0x60 [ 68.395713][ T5316] ? 
__pfx_unregister_netdevice_queue+0x10/0x10 [ 68.395722][ T5316] rtnl_dellink+0x488/0x710 [ 68.395733][ T5316] ? __pfx_rtnl_dellink+0x10/0x10 [ 68.395754][ T5316] ? __pfx_rtnl_dellink+0x10/0x10 [ 68.395761][ T5316] rtnetlink_rcv_msg+0x7cf/0xb70 [ 68.395775][ T5316] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 68.395785][ T5316] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.395806][ T5316] ? ref_tracker_free+0x63a/0x7d0 [ 68.395820][ T5316] ? __copy_skb_header+0xa7/0x550 [ 68.395832][ T5316] netlink_rcv_skb+0x21c/0x490 [ 68.395845][ T5316] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.395856][ T5316] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 68.395873][ T5316] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.395886][ T5316] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.395898][ T5316] netlink_unicast+0x758/0x8d0 [ 68.395912][ T5316] netlink_sendmsg+0x805/0xb30 [ 68.395928][ T5316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.395941][ T5316] ? aa_sock_msg_perm+0x94/0x160 [ 68.395953][ T5316] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 68.395963][ T5316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.395976][ T5316] __sock_sendmsg+0x219/0x270 [ 68.395988][ T5316] ____sys_sendmsg+0x505/0x830 [ 68.395997][ T5316] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.396007][ T5316] ? import_iovec+0x74/0xa0 [ 68.396017][ T5316] ___sys_sendmsg+0x21f/0x2a0 [ 68.396027][ T5316] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.396044][ T5316] ? __fget_files+0x2a/0x420 [ 68.396057][ T5316] ? __fget_files+0x3a0/0x420 [ 68.396072][ T5316] __x64_sys_sendmsg+0x19b/0x260 [ 68.396079][ T5316] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 68.396087][ T5316] ? rcu_is_watching+0x15/0xb0 [ 68.396096][ T5316] ? do_syscall_64+0xbe/0x3b0 [ 68.396106][ T5316] do_syscall_64+0xfa/0x3b0 [ 68.396114][ T5316] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.396122][ T5316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.396129][ T5316] ? 
clear_bhb_loop+0x60/0xb0 [ 68.396139][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.396149][ T5316] RIP: 0033:0x7fbe9e98e969 [ 68.396159][ T5316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.396196][ T5316] RSP: 002b:00007fbe9f8da038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 68.396207][ T5316] RAX: ffffffffffffffda RBX: 00007fbe9ebb5fa0 RCX: 00007fbe9e98e969 [ 68.396215][ T5316] RDX: 0000000020040000 RSI: 00002000000003c0 RDI: 0000000000000005 [ 68.396221][ T5316] RBP: 00007fbe9ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 68.396228][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.396234][ T5316] R13: 0000000000000000 R14: 00007fbe9ebb5fa0 R15: 00007fffcf7dedb8 [ 68.396245][ T5316] [ 68.587610][ T5316] dummy0 (unregistering): left promiscuous mode [ 70.164504][ T5301] Bluetooth: hci0: command tx timeout