program:
# syzkaller reproducer, one call per line. The console log that follows records a
# WARNING at drivers/net/netdevsim/fib.c:831 (nsim_fib_event_nb) reached from
# inet6_rtm_newroute; it only becomes a panic because panic_on_warn is set.
# NOTE(review): r9 and r10 are used below but never assigned in this listing.
# syzkaller writes output resources inline as "<rN=>" inside struct arguments, so
# they were probably stripped as markup during extraction (the trace's task
# markers look stripped too). Compare against the original report before replaying.
#
# Generic netlink socket (AF_NETLINK=0x10, SOCK_RAW=0x3, NETLINK_GENERIC=0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x34, 0x1, 0x70bd2d, 0x25dbdbfe, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x4000040)
# io_uring calls: nothing io_uring-related appears in the call trace below, so these
# are presumably fuzzer noise - confirm by minimizing the reproducer.
r1 = io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x92a2, 0x0, 0x7, 0xa2})
r2 = io_uring_setup(0x2c49, &(0x7f0000002240))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x18, &(0x7f0000000000), 0x1)
# fd is -1, so the send itself cannot succeed. Its visible effect is to lay out a
# msghdr at 0x7f00000002c0 whose iovec pointer is 0x7f00000000c0; the later
# sendmmsg reads its message vector from that same address.
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
# Netlink socket with protocol 0 (NETLINK_ROUTE); this is the fd sendmmsg uses.
r3 = socket$netlink(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x2, 0x329200)
r7 = socket$nl_route(0x10, 0x3, 0x0)
# Again fd -1: what matters is the memory it fills. The iovec at 0x7f00000000c0 now
# points at a 0x4c-byte netlink message at 0x7f0000000380. In the blob, nlmsg_len is
# 0x4c and nlmsg_type is 0x18 (RTM_NEWROUTE), the first rtmsg byte is 0x0a (AF_INET6),
# and an attribute of type 9 (RTA_MULTIPATH) follows. That matches the trace's
# inet6_rtm_newroute -> call_fib6_multipath_entry_notifiers path. The two ANYRES32
# words are raw fd values placed where the message expects other fields - confirm.
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r4, @ANYRES32=r7], 0x4c}}, 0x0)
# nl80211 / wlan1 / autofs / connect / mprotect calls: none of these subsystems show
# up in the trace, so they are probably unrelated to the warning - verify.
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r3)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0})
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r6, {0x4}}, './file0\x00'})
connect$inet(r10, &(0x7f0000000400)={0x2, 0x4e24, @multicast2}, 0x10)
mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x100000f)
sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x2c, r8, 0x20, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x32}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
# The call the trace attributes the warning to: ORIG_RAX 0x133 is sendmmsg on x86-64,
# and RDX in the register dump (040000000000009f) equals the vlen argument here. It
# sends the route message prepared above on the NETLINK_ROUTE socket.
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000080)={0x6, r1, 0x0, {0x2077, 0x20000}, 0xe}, 0x1)
syz_emit_ethernet(0x4a, &(0x7f0000000600)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a9646001406000000000000000000000000000000000000000000000000000000ffffac14141000004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="34de4a5257"], 0x0) [ 68.234911][ T5336] Bluetooth: hci0: command tx timeout [ 68.275081][ T5356] ------------[ cut here ]------------ [ 68.277202][ T5356] WARNING: CPU: 0 PID: 5356 at drivers/net/netdevsim/fib.c:831 nsim_fib_event_nb+0xed8/0x1080 [ 68.291324][ T5356] Modules linked in: [ 68.296501][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.300771][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.305740][ T5356] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080 [ 68.308027][ T5356] Code: fa be 02 00 00 00 eb 0a e8 e5 7d a6 fa be 01 00 00 00 4c 89 f7 e8 88 8d b0 fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 c9 7d a6 fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35 [ 68.315697][ T5356] RSP: 0018:ffffc9000d40ef08 EFLAGS: 00010283 [ 68.318196][ T5356] RAX: ffffffff871940c7 RBX: 0000000000000001 RCX: 0000000000100000 [ 68.321612][ T5356] RDX: ffffc9000e40a000 RSI: 00000000000003e2 RDI: 00000000000003e3 [ 68.325141][ T5356] RBP: dffffc0000000000 R08: ffff888033a2a82f R09: 1ffff11006745505 [ 68.328345][ T5356] R10: dffffc0000000000 R11: ffffed1006745506 R12: ffff8880114ec000 [ 68.331524][ T5356] R13: ffffc9000d40f080 R14: 0000000000000000 R15: ffffc9000d40f098 [ 68.334949][ T5356] FS: 00007fbfd74226c0(0000) GS:ffff88808d20c000(0000) knlGS:0000000000000000 [ 68.338667][ T5356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.341268][ T5356] CR2: 00007fbfd72f7d60 CR3: 0000000041c48000 CR4: 0000000000352ef0 [ 68.344632][ T5356] Call Trace: [ 68.346015][ T5356] [ 68.347219][ T5356] notifier_call_chain+0x1b3/0x3e0 [ 68.349185][ T5356] ? 
atomic_notifier_call_chain+0x26/0x180 [ 68.352100][ T5356] atomic_notifier_call_chain+0xda/0x180 [ 68.354662][ T5356] call_fib_notifiers+0x31/0x60 [ 68.356732][ T5356] call_fib6_multipath_entry_notifiers+0xe6/0x150 [ 68.359406][ T5356] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10 [ 68.362752][ T5356] ? inet6_rtm_newroute+0xe8b/0x18c0 [ 68.365276][ T5356] inet6_rtm_newroute+0x12f5/0x18c0 [ 68.367544][ T5356] ? nlmon_xmit+0xb0/0x100 [ 68.369463][ T5356] ? kmem_cache_free+0x18f/0x400 [ 68.371600][ T5356] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 68.374376][ T5356] ? __local_bh_enable_ip+0x12d/0x1c0 [ 68.376641][ T5356] ? __dev_queue_xmit+0x27b/0x3b50 [ 68.378766][ T5356] ? __dev_queue_xmit+0x1d79/0x3b50 [ 68.380998][ T5356] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 68.383450][ T5356] rtnetlink_rcv_msg+0x7cf/0xb70 [ 68.385275][ T5356] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 68.387557][ T5356] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.389864][ T5356] ? ref_tracker_free+0x63a/0x7d0 [ 68.392025][ T5356] ? __asan_memcpy+0x40/0x70 [ 68.394115][ T5356] ? __pfx_ref_tracker_free+0x10/0x10 [ 68.396435][ T5356] ? __skb_clone+0x63/0x7a0 [ 68.398438][ T5356] netlink_rcv_skb+0x205/0x470 [ 68.400574][ T5356] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.403068][ T5356] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 68.405355][ T5356] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.407604][ T5356] netlink_unicast+0x82f/0x9e0 [ 68.409725][ T5356] ? __pfx_netlink_unicast+0x10/0x10 [ 68.412105][ T5356] ? netlink_sendmsg+0x642/0xb30 [ 68.414462][ T5356] ? skb_put+0x11b/0x210 [ 68.416395][ T5356] netlink_sendmsg+0x805/0xb30 [ 68.418564][ T5356] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.420898][ T5356] ? aa_sock_msg_perm+0xf1/0x1d0 [ 68.423162][ T5356] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 68.425607][ T5356] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.427945][ T5356] __sock_sendmsg+0x21c/0x270 [ 68.430010][ T5356] ____sys_sendmsg+0x52d/0x830 [ 68.432121][ T5356] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.434602][ T5356] ? 
import_iovec+0x74/0xa0 [ 68.436615][ T5356] ___sys_sendmsg+0x21f/0x2a0 [ 68.438667][ T5356] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.440913][ T5356] ? __fget_files+0x2a/0x420 [ 68.443064][ T5356] ? __fget_files+0x3a0/0x420 [ 68.445131][ T5356] __sys_sendmmsg+0x227/0x430 [ 68.447278][ T5356] ? __pfx___sys_sendmmsg+0x10/0x10 [ 68.449585][ T5356] ? rcu_is_watching+0x15/0xb0 [ 68.451737][ T5356] ? rcu_is_watching+0x15/0xb0 [ 68.453975][ T5356] __x64_sys_sendmmsg+0xa0/0xc0 [ 68.456162][ T5356] do_syscall_64+0xfa/0x3b0 [ 68.458208][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.460493][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.463373][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 68.465976][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.468468][ T5356] RIP: 0033:0x7fbfd658ebe9 [ 68.470393][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.479245][ T5356] RSP: 002b:00007fbfd7422038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 68.482724][ T5356] RAX: ffffffffffffffda RBX: 00007fbfd67c5fa0 RCX: 00007fbfd658ebe9 [ 68.486112][ T5356] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005 [ 68.489448][ T5356] RBP: 00007fbfd6611e19 R08: 0000000000000000 R09: 0000000000000000 [ 68.492986][ T5356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.496466][ T5356] R13: 00007fbfd67c6038 R14: 00007fbfd67c5fa0 R15: 00007ffd3b7f0948 [ 68.500000][ T5356] [ 68.501381][ T5356] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.504601][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.508393][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.512760][ T5356] Call Trace: [ 68.514168][ T5356] [ 68.515513][ T5356] dump_stack_lvl+0x99/0x250 [ 68.517526][ T5356] ? 
__asan_memcpy+0x40/0x70 [ 68.519448][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.521608][ T5356] ? __pfx__printk+0x10/0x10 [ 68.523701][ T5356] vpanic+0x281/0x750 [ 68.525392][ T5356] ? __pfx__printk+0x10/0x10 [ 68.527390][ T5356] ? __pfx_vpanic+0x10/0x10 [ 68.529353][ T5356] ? is_bpf_text_address+0x26/0x2b0 [ 68.531580][ T5356] panic+0xb9/0xc0 [ 68.533191][ T5356] ? __pfx_panic+0x10/0x10 [ 68.535165][ T5356] __warn+0x31b/0x4b0 [ 68.536914][ T5356] ? nsim_fib_event_nb+0xed8/0x1080 [ 68.539139][ T5356] ? nsim_fib_event_nb+0xed8/0x1080 [ 68.541332][ T5356] report_bug+0x2be/0x4f0 [ 68.543258][ T5356] ? nsim_fib_event_nb+0xed8/0x1080 [ 68.545506][ T5356] ? nsim_fib_event_nb+0xed8/0x1080 [ 68.547809][ T5356] ? nsim_fib_event_nb+0xeda/0x1080 [ 68.550122][ T5356] handle_bug+0x84/0x160 [ 68.551989][ T5356] exc_invalid_op+0x1a/0x50 [ 68.554018][ T5356] asm_exc_invalid_op+0x1a/0x20 [ 68.556177][ T5356] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080 [ 68.558718][ T5356] Code: fa be 02 00 00 00 eb 0a e8 e5 7d a6 fa be 01 00 00 00 4c 89 f7 e8 88 8d b0 fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 c9 7d a6 fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35 [ 68.566916][ T5356] RSP: 0018:ffffc9000d40ef08 EFLAGS: 00010283 [ 68.569541][ T5356] RAX: ffffffff871940c7 RBX: 0000000000000001 RCX: 0000000000100000 [ 68.572993][ T5356] RDX: ffffc9000e40a000 RSI: 00000000000003e2 RDI: 00000000000003e3 [ 68.576446][ T5356] RBP: dffffc0000000000 R08: ffff888033a2a82f R09: 1ffff11006745505 [ 68.579838][ T5356] R10: dffffc0000000000 R11: ffffed1006745506 R12: ffff8880114ec000 [ 68.583287][ T5356] R13: ffffc9000d40f080 R14: 0000000000000000 R15: ffffc9000d40f098 [ 68.586801][ T5356] ? nsim_fib_event_nb+0xed7/0x1080 [ 68.589086][ T5356] ? nsim_fib_event_nb+0xed7/0x1080 [ 68.591421][ T5356] notifier_call_chain+0x1b3/0x3e0 [ 68.593659][ T5356] ? 
atomic_notifier_call_chain+0x26/0x180 [ 68.596174][ T5356] atomic_notifier_call_chain+0xda/0x180 [ 68.598495][ T5356] call_fib_notifiers+0x31/0x60 [ 68.600690][ T5356] call_fib6_multipath_entry_notifiers+0xe6/0x150 [ 68.603537][ T5356] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10 [ 68.606596][ T5356] ? inet6_rtm_newroute+0xe8b/0x18c0 [ 68.608849][ T5356] inet6_rtm_newroute+0x12f5/0x18c0 [ 68.611167][ T5356] ? nlmon_xmit+0xb0/0x100 [ 68.613169][ T5356] ? kmem_cache_free+0x18f/0x400 [ 68.615361][ T5356] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 68.617797][ T5356] ? __local_bh_enable_ip+0x12d/0x1c0 [ 68.620203][ T5356] ? __dev_queue_xmit+0x27b/0x3b50 [ 68.622190][ T5356] ? __dev_queue_xmit+0x1d79/0x3b50 [ 68.624198][ T5356] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 68.626389][ T5356] rtnetlink_rcv_msg+0x7cf/0xb70 [ 68.628462][ T5356] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 68.630615][ T5356] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.632952][ T5356] ? ref_tracker_free+0x63a/0x7d0 [ 68.635155][ T5356] ? __asan_memcpy+0x40/0x70 [ 68.637131][ T5356] ? __pfx_ref_tracker_free+0x10/0x10 [ 68.639483][ T5356] ? __skb_clone+0x63/0x7a0 [ 68.641469][ T5356] netlink_rcv_skb+0x205/0x470 [ 68.643529][ T5356] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 68.645918][ T5356] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 68.648228][ T5356] ? netlink_deliver_tap+0x2e/0x1b0 [ 68.650451][ T5356] netlink_unicast+0x82f/0x9e0 [ 68.652498][ T5356] ? __pfx_netlink_unicast+0x10/0x10 [ 68.654811][ T5356] ? netlink_sendmsg+0x642/0xb30 [ 68.656918][ T5356] ? skb_put+0x11b/0x210 [ 68.658745][ T5356] netlink_sendmsg+0x805/0xb30 [ 68.660795][ T5356] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.663008][ T5356] ? aa_sock_msg_perm+0xf1/0x1d0 [ 68.665128][ T5356] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 68.667446][ T5356] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.669698][ T5356] __sock_sendmsg+0x21c/0x270 [ 68.671747][ T5356] ____sys_sendmsg+0x52d/0x830 [ 68.673846][ T5356] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.676179][ T5356] ? 
import_iovec+0x74/0xa0 [ 68.678096][ T5356] ___sys_sendmsg+0x21f/0x2a0 [ 68.679948][ T5356] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.682187][ T5356] ? __fget_files+0x2a/0x420 [ 68.684249][ T5356] ? __fget_files+0x3a0/0x420 [ 68.686297][ T5356] __sys_sendmmsg+0x227/0x430 [ 68.688369][ T5356] ? __pfx___sys_sendmmsg+0x10/0x10 [ 68.690592][ T5356] ? rcu_is_watching+0x15/0xb0 [ 68.692644][ T5356] ? rcu_is_watching+0x15/0xb0 [ 68.694667][ T5356] __x64_sys_sendmmsg+0xa0/0xc0 [ 68.696822][ T5356] do_syscall_64+0xfa/0x3b0 [ 68.698814][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.701096][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.703750][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 68.705807][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.708332][ T5356] RIP: 0033:0x7fbfd658ebe9 [ 68.710242][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.718164][ T5356] RSP: 002b:00007fbfd7422038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 68.721603][ T5356] RAX: ffffffffffffffda RBX: 00007fbfd67c5fa0 RCX: 00007fbfd658ebe9 [ 68.725374][ T5356] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005 [ 68.728709][ T5356] RBP: 00007fbfd6611e19 R08: 0000000000000000 R09: 0000000000000000 [ 68.732044][ T5356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.735309][ T5356] R13: 00007fbfd67c6038 R14: 00007fbfd67c5fa0 R15: 00007ffd3b7f0948 [ 68.738612][ T5356] [ 68.740247][ T5356] Kernel Offset: disabled [ 68.742073][ T5356] Rebooting in 86400 seconds..