program:
# Triage notes for this syzkaller program. The console log that follows it reports
# "WARNING: drivers/net/netdevsim/fib.c:831 at nsim_fib_event_nb" with the failed
# condition "i != fen6_info->nsiblings". The run ends in a panic only because the
# log shows "panic_on_warn set"; without that setting the same event is a WARN splat.
# The calls are kept byte-for-byte: a fuzzer program depends on exact values and order.

# Sound-sequencer open and ioctl. No sound-subsystem frame appears in the call trace,
# so these look unrelated to the warning -- confirm by minimising the program.
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000280))
# Opens /dev/comedi1 and issues COMEDI_DEVCONFIG naming the 'aio_iiro_16' driver.
# No comedi frame appears in the call trace either -- presumably fuzzer noise.
r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000300)={'aio_iiro_16\x00', [0x2f00, 0x5, 0xd097, 0xffffffff, 0x3, 0xfffffffe, 0x20000004, 0x6, 0xffe, 0x9, 0xc, 0x1, 0x7fff, 0x4, 0xffff, 0x6, 0x5, 0x7, 0x830, 0x30000, 0x10000, 0x9, 0x800, 0x100101, 0x2, 0xffffffff, 0x7, 0x3, 0x4, 0x5, 0x70f]})
# The fd argument here is 0xffffffffffffffff (-1), i.e. not one of the sockets opened below.
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
# Socket setup. (0x10, 0x3, 0x0) is AF_NETLINK / SOCK_RAW / NETLINK_ROUTE; the results of
# the bt_hci, nl_generic and rds calls are not assigned to any rN and are never used again.
r2 = socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$rds(0x15, 0x5, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
# r4 is an AF_INET6 / SOCK_STREAM socket; its only use is the @ANYRES32=r4 substitution in
# the next call, which places the fd's numeric value in the last 4 bytes of the payload.
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
# This appears to be the call that raises the warning. The trace's user-mode frame shows
# ORIG_RAX 0x2e (sendmsg on x86-64) with RSI ending in 0x100, matching this msghdr address,
# and the kernel path is netlink_sendmsg -> rtnetlink_rcv_msg -> inet6_rtm_newroute ->
# call_fib6_multipath_entry_notifiers -> nsim_fib_event_nb.
# The payload's netlink header declares length 0x4c and type 0x18; the log names the request
# as RTM_NEWROUTE and notes that neither NLM_F_CREATE nor NLM_F_REPLACE is set.
# NOTE(review): the remaining attribute layout is not decoded here -- verify against the
# rtnetlink headers before drawing conclusions about which attribute causes the mismatch.
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x11, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a603f00000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r4], 0x4c}}, 0x0)
# A second route-netlink socket receives one raw 0x39-byte message via writev.
# Whether this call contributes to the warning cannot be told from the log.
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x39}], 0x1)
# sendmmsg on r2 with a very large vlen value (0x40000000000009f) and no inline message data.
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
# Final comedi ioctl on r1. The log does not show whether execution got this far before
# the panic -- TODO confirm when reducing the reproducer.
ioctl$COMEDI_INSN(r1, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xf, &(0x7f0000002d80)=[0xfffff000, 0x6, 0x6, 0xdc13, 0x1, 0x80000001, 0x70a, 0x89, 0x1ff, 0x4b, 0x100, 0x2, 0x0, 0x6, 0x3], 0x1, 0x4})
[ 85.421188][ T5299] Bluetooth: hci0: command tx timeout
[ 85.674829][ T5321] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 85.677805][ T5321] IPv6: NLM_F_CREATE should be set when creating new route
[ 85.681027][ T5321] IPv6: NLM_F_CREATE should be set when creating new route
[ 85.686612][ T5321] ------------[ cut here ]------------
[ 85.688955][ T5321] i != fen6_info->nsiblings
[ 85.688967][ T5321] WARNING: drivers/net/netdevsim/fib.c:831 at nsim_fib_event_nb+0x1060/0x1210, CPU#0: syz.0.0/5321
[ 85.696285][ T5321] Modules linked in:
[ 85.698146][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.702601][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.706994][ T5321] RIP: 0010:nsim_fib_event_nb+0x1060/0x1210
[ 85.709727][ T5321] Code: 00 00 00 48 89 df e8 1f e3 90 fd 49 bf 00 00 00 00 00 fc ff df 4c 8b 74 24 38 4c 8b 64 24 20 e9 1d f3 ff ff e8 c1 12 b3 fa 90 <0f> 0b 90 e9 d3 f9 ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c b7 f0
[ 85.718072][ T5321] RSP: 0018:ffffc9000ab46fd0 EFLAGS: 00010283
[ 85.720518][ T5321] RAX: ffffffff8711742f RBX: 0000000000000001 RCX: 0000000000100000
[ 85.723779][ T5321] RDX: ffffc90020802000 RSI: 0000000000001075 RDI: 0000000000001076
[ 85.727092][ T5321] RBP: ffffc9000ab47160 R08: ffff8880124f742f R09: 1ffff1100249ee85
[ 85.730207][ T5321] R10: dffffc0000000000 R11: ffffed100249ee86 R12: ffff8880124f7418
[ 85.733669][ T5321] R13: 0000000000000000 R14: ffffc9000ab47178 R15: dffffc0000000000
[ 85.736844][ T5321] FS: 00007fcc2847b6c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
[ 85.740430][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.743208][ T5321] CR2: 00007fcc277e5558 CR3: 0000000032fcf000 CR4: 0000000000352ef0
[ 85.746435][ T5321] Call Trace:
[ 85.747837][ T5321]
[ 85.749108][ T5321] notifier_call_chain+0x19d/0x3a0
[ 85.751353][ T5321] ? atomic_notifier_call_chain+0x26/0x180
[ 85.753958][ T5321] atomic_notifier_call_chain+0xda/0x180
[ 85.755963][ T5321] call_fib_notifiers+0x31/0x60
[ 85.757908][ T5321] call_fib6_multipath_entry_notifiers+0xf5/0x160
[ 85.760632][ T5321] ? inet6_rtm_newroute+0xfb8/0x19e0
[ 85.763272][ T5321] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10
[ 85.766719][ T5321] ? inet6_rtm_newroute+0xfb8/0x19e0
[ 85.769047][ T5321] ? inet6_rtm_newroute+0xfb8/0x19e0
[ 85.771294][ T5321] inet6_rtm_newroute+0x14a2/0x19e0
[ 85.773617][ T5321] ? kasan_quarantine_put+0xbb/0x1f0
[ 85.776199][ T5321] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.778389][ T5321] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 85.780885][ T5321] ? kmem_cache_free+0x195/0x610
[ 85.783133][ T5321] ? nlmon_xmit+0xb0/0x100
[ 85.784997][ T5321] ? lockdep_hardirqs_on+0x7a/0x110
[ 85.787277][ T5321] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 85.789732][ T5321] rtnetlink_rcv_msg+0x7d5/0xbe0
[ 85.791817][ T5321] ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 85.793780][ T5321] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 85.795766][ T5321] ? ref_tracker_free+0x693/0x840
[ 85.797865][ T5321] ? __copy_skb_header+0xa3/0x4a0
[ 85.799886][ T5321] ? __pfx_ref_tracker_free+0x10/0x10
[ 85.802469][ T5321] ? __skb_clone+0x63/0x7a0
[ 85.804222][ T5321] netlink_rcv_skb+0x232/0x4b0
[ 85.806368][ T5321] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 85.808471][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 85.810551][ T5321] ? netlink_deliver_tap+0x2e/0x1b0
[ 85.812719][ T5321] netlink_unicast+0x80f/0x9b0
[ 85.814575][ T5321] ? __pfx_netlink_unicast+0x10/0x10
[ 85.816613][ T5321] ? __alloc_skb+0x193/0x390
[ 85.818471][ T5321] ? netlink_sendmsg+0x650/0xb40
[ 85.820398][ T5321] ? skb_put+0x11b/0x210
[ 85.822251][ T5321] netlink_sendmsg+0x813/0xb40
[ 85.824181][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10
[ 85.826365][ T5321] ? aa_sock_msg_perm+0xf1/0x1b0
[ 85.828331][ T5321] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 85.830645][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10
[ 85.832846][ T5321] ____sys_sendmsg+0xa68/0xad0
[ 85.834746][ T5321] ? __might_fault+0xaf/0x130
[ 85.836670][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10
[ 85.838802][ T5321] ? import_iovec+0x73/0xa0
[ 85.840763][ T5321] ___sys_sendmsg+0x2a5/0x360
[ 85.842810][ T5321] ? __lock_acquire+0x6b5/0x2cf0
[ 85.844744][ T5321] ? __pfx____sys_sendmsg+0x10/0x10
[ 85.846974][ T5321] ? futex_wake+0x4ac/0x580
[ 85.848969][ T5321] ? __fget_files+0x2a/0x420
[ 85.850903][ T5321] ? __fget_files+0x3a0/0x420
[ 85.853090][ T5321] __x64_sys_sendmsg+0x1bd/0x2a0
[ 85.855136][ T5321] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 85.857465][ T5321] ? rcu_is_watching+0x15/0xb0
[ 85.859686][ T5321] do_syscall_64+0xe2/0xf80
[ 85.861774][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.864658][ T5321] ? trace_irq_disable+0x37/0x100
[ 85.866811][ T5321] ? clear_bhb_loop+0x60/0xb0
[ 85.868736][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.871405][ T5321] RIP: 0033:0x7fcc2759aeb9
[ 85.873361][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 85.880936][ T5321] RSP: 002b:00007fcc2847b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 85.884652][ T5321] RAX: ffffffffffffffda RBX: 00007fcc27815fa0 RCX: 00007fcc2759aeb9
[ 85.887895][ T5321] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000009
[ 85.891267][ T5321] RBP: 00007fcc27608c1f R08: 0000000000000000 R09: 0000000000000000
[ 85.894426][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.897892][ T5321] R13: 00007fcc27816038 R14: 00007fcc27815fa0 R15: 00007ffd9ff3eb18
[ 85.901331][ T5321]
[ 85.902907][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 85.906201][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.909869][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.913635][ T5321] Call Trace:
[ 85.914897][ T5321]
[ 85.915928][ T5321] vpanic+0x1e0/0x670
[ 85.917351][ T5321] panic+0xc5/0xd0
[ 85.918624][ T5321] ? __pfx_panic+0x10/0x10
[ 85.920126][ T5321] __warn+0x315/0x4a0
[ 85.921779][ T5321] ? nsim_fib_event_nb+0x1060/0x1210
[ 85.923923][ T5321] ? nsim_fib_event_nb+0x1060/0x1210
[ 85.926076][ T5321] __report_bug+0x29a/0x540
[ 85.928056][ T5321] ? netlink_sendmsg+0x813/0xb40
[ 85.930227][ T5321] ? ____sys_sendmsg+0xa68/0xad0
[ 85.932439][ T5321] ? ___sys_sendmsg+0x2a5/0x360
[ 85.934644][ T5321] ? nsim_fib_event_nb+0x1060/0x1210
[ 85.936932][ T5321] ? __pfx___report_bug+0x10/0x10
[ 85.939138][ T5321] ? nsim_fib_event_nb+0x1060/0x1210
[ 85.941418][ T5321] report_bug+0x16a/0x220
[ 85.943273][ T5321] ? nsim_fib_event_nb+0x1060/0x1210
[ 85.945555][ T5321] ? nsim_fib_event_nb+0x1062/0x1210
[ 85.947795][ T5321] handle_bug+0x98/0x200
[ 85.949706][ T5321] exc_invalid_op+0x1a/0x50
[ 85.951782][ T5321] asm_exc_invalid_op+0x1a/0x20
[ 85.953998][ T5321] RIP: 0010:nsim_fib_event_nb+0x1060/0x1210
[ 85.956608][ T5321] Code: 00 00 00 48 89 df e8 1f e3 90 fd 49 bf 00 00 00 00 00 fc ff df 4c 8b 74 24 38 4c 8b 64 24 20 e9 1d f3 ff ff e8 c1 12 b3 fa 90 <0f> 0b 90 e9 d3 f9 ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c b7 f0
[ 85.964498][ T5321] RSP: 0018:ffffc9000ab46fd0 EFLAGS: 00010283
[ 85.967204][ T5321] RAX: ffffffff8711742f RBX: 0000000000000001 RCX: 0000000000100000
[ 85.970750][ T5321] RDX: ffffc90020802000 RSI: 0000000000001075 RDI: 0000000000001076
[ 85.974142][ T5321] RBP: ffffc9000ab47160 R08: ffff8880124f742f R09: 1ffff1100249ee85
[ 85.977597][ T5321] R10: dffffc0000000000 R11: ffffed100249ee86 R12: ffff8880124f7418
[ 85.981112][ T5321] R13: 0000000000000000 R14: ffffc9000ab47178 R15: dffffc0000000000
[ 85.984584][ T5321] ? nsim_fib_event_nb+0x105f/0x1210
[ 85.986917][ T5321] notifier_call_chain+0x19d/0x3a0
[ 85.989168][ T5321] ? atomic_notifier_call_chain+0x26/0x180
[ 85.991877][ T5321] atomic_notifier_call_chain+0xda/0x180
[ 85.994444][ T5321] call_fib_notifiers+0x31/0x60
[ 85.996711][ T5321] call_fib6_multipath_entry_notifiers+0xf5/0x160
[ 85.999631][ T5321] ? inet6_rtm_newroute+0xfb8/0x19e0
[ 86.001982][ T5321] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10
[ 86.005102][ T5321] ? inet6_rtm_newroute+0xfb8/0x19e0
[ 86.007384][ T5321] ? inet6_rtm_newroute+0xfb8/0x19e0
[ 86.009543][ T5321] inet6_rtm_newroute+0x14a2/0x19e0
[ 86.011695][ T5321] ? kasan_quarantine_put+0xbb/0x1f0
[ 86.013922][ T5321] ? lockdep_hardirqs_on+0x7a/0x110
[ 86.016193][ T5321] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 86.018735][ T5321] ? kmem_cache_free+0x195/0x610
[ 86.020822][ T5321] ? nlmon_xmit+0xb0/0x100
[ 86.022536][ T5321] ? lockdep_hardirqs_on+0x7a/0x110
[ 86.024652][ T5321] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 86.026940][ T5321] rtnetlink_rcv_msg+0x7d5/0xbe0
[ 86.028956][ T5321] ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 86.031081][ T5321] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 86.033782][ T5321] ? ref_tracker_free+0x693/0x840
[ 86.036416][ T5321] ? __copy_skb_header+0xa3/0x4a0
[ 86.038862][ T5321] ? __pfx_ref_tracker_free+0x10/0x10
[ 86.041245][ T5321] ? __skb_clone+0x63/0x7a0
[ 86.043376][ T5321] netlink_rcv_skb+0x232/0x4b0
[ 86.045616][ T5321] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 86.048003][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 86.050375][ T5321] ? netlink_deliver_tap+0x2e/0x1b0
[ 86.052883][ T5321] netlink_unicast+0x80f/0x9b0
[ 86.055115][ T5321] ? __pfx_netlink_unicast+0x10/0x10
[ 86.057544][ T5321] ? __alloc_skb+0x193/0x390
[ 86.059584][ T5321] ? netlink_sendmsg+0x650/0xb40
[ 86.061593][ T5321] ? skb_put+0x11b/0x210
[ 86.063319][ T5321] netlink_sendmsg+0x813/0xb40
[ 86.065379][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10
[ 86.067599][ T5321] ? aa_sock_msg_perm+0xf1/0x1b0
[ 86.069760][ T5321] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 86.072116][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10
[ 86.074457][ T5321] ____sys_sendmsg+0xa68/0xad0
[ 86.076458][ T5321] ? __might_fault+0xaf/0x130
[ 86.078242][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10
[ 86.080316][ T5321] ? import_iovec+0x73/0xa0
[ 86.082038][ T5321] ___sys_sendmsg+0x2a5/0x360
[ 86.083706][ T5321] ? __lock_acquire+0x6b5/0x2cf0
[ 86.085590][ T5321] ? __pfx____sys_sendmsg+0x10/0x10
[ 86.087685][ T5321] ? futex_wake+0x4ac/0x580
[ 86.089434][ T5321] ? __fget_files+0x2a/0x420
[ 86.091297][ T5321] ? __fget_files+0x3a0/0x420
[ 86.093126][ T5321] __x64_sys_sendmsg+0x1bd/0x2a0
[ 86.095187][ T5321] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 86.097482][ T5321] ? rcu_is_watching+0x15/0xb0
[ 86.099520][ T5321] do_syscall_64+0xe2/0xf80
[ 86.101391][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.104085][ T5321] ? trace_irq_disable+0x37/0x100
[ 86.106355][ T5321] ? clear_bhb_loop+0x60/0xb0
[ 86.108455][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.110977][ T5321] RIP: 0033:0x7fcc2759aeb9
[ 86.112893][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 86.119942][ T5321] RSP: 002b:00007fcc2847b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 86.123515][ T5321] RAX: ffffffffffffffda RBX: 00007fcc27815fa0 RCX: 00007fcc2759aeb9
[ 86.126831][ T5321] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000009
[ 86.130527][ T5321] RBP: 00007fcc27608c1f R08: 0000000000000000 R09: 0000000000000000
[ 86.134054][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.137287][ T5321] R13: 00007fcc27816038 R14: 00007fcc27815fa0 R15: 00007ffd9ff3eb18
[ 86.140864][ T5321]
[ 86.142790][ T5321] Kernel Offset: disabled
[ 86.144721][ T5321] Rebooting in 86400 seconds..