program: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$EXT4_IOC_CHECKPOINT(r3, 0x4004662b, &(0x7f0000000140)=0x5) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000350000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000012c0004802800018008000100666962001c0002800800014000000011080003400000000e080002400000000114000000110001"], 0xdc}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0xfe66}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) r5 = memfd_secret(0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x2010, r5, 0x0) ftruncate(r5, 0x51a9497) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) ioctl$EXT4_IOC_CHECKPOINT(r3, 0x4004662b, &(0x7f0000000140)=0x5) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000350000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000012c0004802800018008000100666962001c0002800800014000000011080003400000000e080002400000000114000000110001"], 0xdc}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0xfe66}}, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) (async) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) (async) memfd_secret(0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x2010, r5, 0x0) (async) ftruncate(r5, 0x51a9497) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5) (async) [ 84.962833][ T46] Bluetooth: hci0: command tx timeout [ 85.011094][ T5343] bridge_slave_0: left allmulticast mode [ 85.046393][ T5343] bridge_slave_0: left promiscuous mode [ 85.049149][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.063402][ T5345] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.072344][ T5343] bridge_slave_1: left allmulticast mode [ 85.075000][ T5343] bridge_slave_1: left promiscuous mode [ 85.079706][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.087973][ T5343] bond0: (slave bond_slave_0): Releasing backup interface [ 85.094480][ T5343] bond0: (slave bond_slave_1): Releasing backup interface [ 85.104591][ T5343] team0: Port device team_slave_0 removed [ 85.113432][ T5343] team0: Port device team_slave_1 removed [ 85.118259][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.121448][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.127499][ T5343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.132176][ T5343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.137880][ T5343] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 85.164229][ T5346] ip6gre0: entered promiscuous mode [ 85.167959][ T5345] Zero length message leads to an empty skb [ 85.177606][ T5346] team0: Port device ip6gre0 added [ 85.191352][ T5345] team0: Port device ip6gre0 removed [ 85.203028][ T5345] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 85.212045][ T3688] skbuff: skb_under_panic: text:ffffffff8a29d978 len:136 put:40 head:ffff88801fa1d000 data:ffff88801fa1cfe8 tail:0x70 end:0x6c0 dev:team0 [ 85.235951][ T3688] ------------[ cut here ]------------ [ 85.238435][ T3688] kernel BUG at net/core/skbuff.c:213! [ 85.240830][ T3688] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.243613][ T3688] CPU: 0 UID: 0 PID: 3688 Comm: kworker/u4:20 Not tainted syzkaller #0 PREEMPT(full) [ 85.247312][ T3688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.251457][ T3688] Workqueue: ipv6_addrconf addrconf_dad_work [ 85.253973][ T3688] RIP: 0010:skb_panic+0x157/0x160 [ 85.256047][ T3688] Code: c7 20 ac 8f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 0e 6a f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 85.263927][ T3688] RSP: 0018:ffffc9000f0170a0 EFLAGS: 00010286 [ 85.266765][ T3688] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 017dd15c4b3fb400 [ 85.270141][ T3688] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 85.273573][ T3688] RBP: 00000000000006c0 R08: ffffc9000f016da7 R09: 1ffff92001e02db4 [ 85.276873][ T3688] R10: dffffc0000000000 R11: fffff52001e02db5 R12: ffff8880118cf650 [ 85.280340][ T3688] R13: ffff88801fa1d000 R14: ffff88801fa1cfe8 R15: 0000000000000070 [ 85.283709][ T3688] FS: 0000000000000000(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000 [ 85.287596][ T3688] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.290469][ T3688] CR2: 00007fd6cb203d20 CR3: 0000000040ea5000 CR4: 0000000000352ef0 [ 85.293874][ T3688] Call Trace: [ 85.295434][ T3688] [ 85.296692][ T3688] ? ip6gre_header+0xc8/0x790 [ 85.298745][ T3688] ? ip6gre_header+0xc8/0x790 [ 85.301121][ T3688] skb_push+0xc3/0xe0 [ 85.303018][ T3688] ip6gre_header+0xc8/0x790 [ 85.305072][ T3688] ? __pfx_ip6gre_header+0x10/0x10 [ 85.307271][ T3688] ? read_seqbegin+0x1ac/0x250 [ 85.309309][ T3688] ? __pfx_read_seqbegin+0x10/0x10 [ 85.311526][ T3688] ? ___neigh_create+0x1c5f/0x2230 [ 85.313732][ T3688] ? __pfx_ip6gre_header+0x10/0x10 [ 85.315989][ T3688] neigh_connected_output+0x286/0x460 [ 85.318278][ T3688] ip6_finish_output2+0xfb3/0x1480 [ 85.320378][ T3688] ? __pfx_ip6_finish_output2+0x10/0x10 [ 85.322665][ T3688] ? ip6_mtu+0x7d/0x490 [ 85.324310][ T3688] ? ip6_mtu+0x7d/0x490 [ 85.325997][ T3688] ip6_finish_output+0x234/0x7d0 [ 85.327977][ T3688] ? ip6_output+0x126/0x550 [ 85.329706][ T3688] ip6_output+0x340/0x550 [ 85.331486][ T3688] NF_HOOK+0x9e/0x380 [ 85.333153][ T3688] ? NF_HOOK+0x101/0x380 [ 85.334989][ T3688] ? __pfx_NF_HOOK+0x10/0x10 [ 85.336971][ T3688] ? __pfx_dst_output+0x10/0x10 [ 85.339165][ T3688] ? icmp6_dst_alloc+0x3a5/0x420 [ 85.341263][ T3688] ? icmp6_dst_alloc+0x3a5/0x420 [ 85.343357][ T3688] mld_sendpack+0x8d4/0xe60 [ 85.345618][ T3688] ? mld_sendpack+0x1e7/0xe60 [ 85.348219][ T3688] ? __pfx_mld_sendpack+0x10/0x10 [ 85.350897][ T3688] ? mld_send_initial_cr+0x352/0x550 [ 85.353502][ T3688] ipv6_mc_dad_complete+0x88/0x410 [ 85.355873][ T3688] addrconf_dad_completed+0x6d5/0xd60 [ 85.358272][ T3688] ? __pfx_addrconf_dad_completed+0x10/0x10 [ 85.360642][ T3688] ? addrconf_dad_work+0xd83/0x14b0 [ 85.362917][ T3688] addrconf_dad_work+0xc36/0x14b0 [ 85.365226][ T3688] ? __pfx_addrconf_dad_work+0x10/0x10 [ 85.367596][ T3688] ? process_scheduled_works+0x9ef/0x1770 [ 85.370035][ T3688] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.372394][ T3688] ? process_scheduled_works+0x9ef/0x1770 [ 85.374721][ T3688] ? process_scheduled_works+0x9ef/0x1770 [ 85.377145][ T3688] process_scheduled_works+0xad1/0x1770 [ 85.379512][ T3688] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.382149][ T3688] worker_thread+0x8a0/0xda0 [ 85.384159][ T3688] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.386857][ T3688] ? __kthread_parkme+0x7b/0x200 [ 85.389003][ T3688] kthread+0x711/0x8a0 [ 85.390760][ T3688] ? __pfx_worker_thread+0x10/0x10 [ 85.393029][ T3688] ? __pfx_kthread+0x10/0x10 [ 85.395094][ T3688] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.397365][ T3688] ? lockdep_hardirqs_on+0x98/0x140 [ 85.399501][ T3688] ? __pfx_kthread+0x10/0x10 [ 85.401549][ T3688] ret_from_fork+0x599/0xb30 [ 85.403562][ T3688] ? __pfx_ret_from_fork+0x10/0x10 [ 85.405783][ T3688] ? __pfx_kthread+0x10/0x10 [ 85.407783][ T3688] ret_from_fork_asm+0x1a/0x30 [ 85.409856][ T3688] [ 85.411261][ T3688] Modules linked in: [ 85.413587][ T3688] ---[ end trace 0000000000000000 ]---