program:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}], {0x14}}, 0xc0}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000040)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, "269fe0", 0x10, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], @ni={0x8c, 0x0, 0x0, 0x3, 0x8, 0x9}}}}}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)={'team0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x44004)
ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}], {0x14}}, 0xc0}}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) (async)
syz_emit_ethernet(0x46, &(0x7f0000000040)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, "269fe0", 0x10, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], @ni={0x8c, 0x0, 0x0, 0x3, 0x8, 0x9}}}}}}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)) (async)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}}, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x44004) (async)
ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000000)='bridge0\x00') (async)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0) (async)

[   85.255609][   T47] Bluetooth: hci0: command tx timeout
[   85.395518][ T5350] bridge_slave_0: left allmulticast mode
[   85.418301][ T5350] bridge_slave_0: left promiscuous mode
[   85.446309][ T5350] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.454069][ T5350] bridge_slave_1: left allmulticast mode
[   85.484876][ T5350] bridge_slave_1: left promiscuous mode
[   85.495199][ T5350] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.520009][ T5350] bond0: (slave bond_slave_0): Releasing backup interface
[   85.538998][ T5350] bond0: (slave bond_slave_1): Releasing backup interface
[   85.575054][ T5350] team0: Port device team_slave_0 removed
[   85.593530][ T5350] team0: Port device team_slave_1 removed
[   85.596956][ T5350] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.600110][ T5350] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.615174][ T5350] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.623935][ T5350] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.629031][ T5350] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   85.663108][ T5350] ip6gre0: entered promiscuous mode
[   85.671895][ T5350] team0: Port device ip6gre0 added
[   85.679618][ T5349] team0: Port device ip6gre0 removed
[   85.699739][ T5349] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   85.708473][  T809] skbuff: skb_under_panic: text:ffffffff8a1d69a8 len:136 put:40 head:ffff888042fc9000 data:ffff888042fc8fe8 tail:0x70 end:0x6c0 dev:team0
[   85.714885][  T809] ------------[ cut here ]------------
[   85.717370][  T809] kernel BUG at net/core/skbuff.c:213!
[   85.733761][  T809] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   85.736409][  T809] CPU: 0 UID: 0 PID: 809 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
[   85.740467][  T809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.744999][  T809] Workqueue: mld mld_ifc_work
[   85.747123][  T809] RIP: 0010:skb_panic+0x157/0x160
[   85.749141][  T809] Code: c7 e0 1a 6f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 8e 94 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
[   85.757457][  T809] RSP: 0018:ffffc90002327280 EFLAGS: 00010282
[   85.760191][  T809] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: aa8bfd3bd256be00
[   85.763558][  T809] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   85.766816][  T809] RBP: 00000000000006c0 R08: ffffc90002326f87 R09: 1ffff92000464df0
[   85.770269][  T809] R10: dffffc0000000000 R11: fffff52000464df1 R12: ffff88801edbaa10
[   85.773670][  T809] R13: ffff888042fc9000 R14: ffff888042fc8fe8 R15: 0000000000000070
[   85.777043][  T809] FS:  0000000000000000(0000) GS:ffff88808d683000(0000) knlGS:0000000000000000
[   85.780918][  T809] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.783722][  T809] CR2: 00007f09a051d010 CR3: 000000000b5d7000 CR4: 0000000000352ef0
[   85.787109][  T809] Call Trace:
[   85.788628][  T809]  <TASK>
[   85.789985][  T809]  ? ip6gre_header+0xc8/0x790
[   85.791999][  T809]  ? ip6gre_header+0xc8/0x790
[   85.794020][  T809]  skb_push+0xc3/0xe0
[   85.795811][  T809]  ip6gre_header+0xc8/0x790
[   85.797865][  T809]  ? __pfx_ip6gre_header+0x10/0x10
[   85.800157][  T809]  ? read_seqbegin+0x1ac/0x250
[   85.802269][  T809]  ? __pfx_read_seqbegin+0x10/0x10
[   85.804603][  T809]  ? ___neigh_create+0x1c5f/0x2230
[   85.806891][  T809]  ? __pfx_ip6gre_header+0x10/0x10
[   85.809210][  T809]  neigh_connected_output+0x286/0x460
[   85.811624][  T809]  ip6_finish_output2+0xfb3/0x1480
[   85.813806][  T809]  ? __pfx_ip6_finish_output2+0x10/0x10
[   85.816210][  T809]  ? ip6_mtu+0x7d/0x490
[   85.817960][  T809]  ? ip6_mtu+0x7d/0x490
[   85.819787][  T809]  ip6_finish_output+0x234/0x7d0
[   85.821969][  T809]  ? ip6_output+0x126/0x550
[   85.823979][  T809]  ip6_output+0x340/0x550
[   85.825929][  T809]  NF_HOOK+0x9e/0x380
[   85.827664][  T809]  ? NF_HOOK+0x101/0x380
[   85.829360][  T809]  ? __pfx_NF_HOOK+0x10/0x10
[   85.831317][  T809]  ? __pfx_dst_output+0x10/0x10
[   85.833383][  T809]  ? icmp6_dst_alloc+0x3a5/0x420
[   85.835882][  T809]  ? icmp6_dst_alloc+0x3a5/0x420
[   85.838293][  T809]  mld_sendpack+0x8d4/0xe60
[   85.840321][  T809]  ? mld_sendpack+0x1e7/0xe60
[   85.842261][  T809]  ? __pfx_mld_sendpack+0x10/0x10
[   85.844451][  T809]  mld_ifc_work+0x83e/0xd60
[   85.846494][  T809]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.848756][  T809]  ? process_scheduled_works+0x9ef/0x1770
[   85.851069][  T809]  process_scheduled_works+0xad1/0x1770
[   85.853497][  T809]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.856322][  T809]  worker_thread+0x8a0/0xda0
[   85.858813][  T809]  kthread+0x711/0x8a0
[   85.861075][  T809]  ? __pfx_worker_thread+0x10/0x10
[   85.863692][  T809]  ? __pfx_kthread+0x10/0x10
[   85.865727][  T809]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.868409][  T809]  ? lockdep_hardirqs_on+0x98/0x140
[   85.870679][  T809]  ? __pfx_kthread+0x10/0x10
[   85.872655][  T809]  ret_from_fork+0x599/0xb30
[   85.874643][  T809]  ? __pfx_ret_from_fork+0x10/0x10
[   85.876795][  T809]  ? __pfx_kthread+0x10/0x10
[   85.878808][  T809]  ret_from_fork_asm+0x1a/0x30
[   85.880948][  T809]  </TASK>
[   85.882274][  T809] Modules linked in:
[   85.884526][  T809] ---[ end trace 0000000000000000 ]---
[   85.906648][  T809] RIP: 0010:skb_panic+0x157/0x160
[   85.908588][  T809] Code: c7 e0 1a 6f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 8e 94 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
[   85.917020][  T809] RSP: 0018:ffffc90002327280 EFLAGS: 00010282
[   85.919935][  T809] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: aa8bfd3bd256be00
[   85.922887][  T809] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   85.926399][  T809] RBP: 00000000000006c0 R08: ffffc90002326f87 R09: 1ffff92000464df0
[   85.930043][  T809] R10: dffffc0000000000 R11: fffff52000464df1 R12: ffff88801edbaa10
[   85.933133][  T809] R13: ffff888042fc9000 R14: ffff888042fc8fe8 R15: 0000000000000070
[   85.937180][  T809] FS:  0000000000000000(0000) GS:ffff88808d683000(0000) knlGS:0000000000000000
[   85.941048][  T809] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.943887][  T809] CR2: 00007ffe4dd0df80 CR3: 0000000011694000 CR4: 0000000000352ef0
[   85.948264][  T809] Kernel panic - not syncing: Fatal exception
[   85.951365][  T809] Kernel Offset: disabled
[   85.953188][  T809] Rebooting in 86400 seconds..