program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000004001004000024001a80200002801c00018008001a00060000000800160002000000080010000004000008001b"], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80e02, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f00000000c0)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000240)={0x100000000000003c, 0x0, [{0x4b564d03, 0x0, 0x1}]})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r9 = accept4$alg(r8, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r10=>0x0)
io_submit(r10, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x1, 0x0, r9, 0x0}])
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x60, 0x10, 0x403, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @gre={{0x8}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_PMTUDISC={0x5, 0xa, 0x1}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}, @IFLA_GRE_ERSPAN_DIR={0x5}, @IFLA_GRE_FWMARK={0x8, 0x14, 0xe}, @IFLA_GRE_IKEY={0x8, 0x4, 0x3f62}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x800)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000004001004000024001a80200002801c00018008001a00060000000800160002000000080010000004000008001b"], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80e02, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f00000000c0)={0xbe, 0x0, 0x1}) (async)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000240)={0x100000000000003c, 0x0, [{0x4b564d03, 0x0, 0x1}]}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00'}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$alg(0x26, 0x5, 0x0) (async)
bind$alg(r8, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) (async)
accept4$alg(r8, 0x0, 0x0, 0x0) (async)
io_setup(0xff, &(0x7f0000000380)) (async)
io_submit(r10, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x1, 0x0, r9, 0x0}]) (async)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x60, 0x10, 0x403, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @gre={{0x8}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_PMTUDISC={0x5, 0xa, 0x1}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}, @IFLA_GRE_ERSPAN_DIR={0x5}, @IFLA_GRE_FWMARK={0x8, 0x14, 0xe}, @IFLA_GRE_IKEY={0x8, 0x4, 0x3f62}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x800) (async)

[   85.020430][ T5323] Bluetooth: hci0: command tx timeout
[   85.185655][ T5352] bridge_slave_0: left allmulticast mode
[   85.189322][ T5352] bridge_slave_0: left promiscuous mode
[   85.192312][ T5352] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.200971][ T5352] bridge_slave_1: left allmulticast mode
[   85.203540][ T5352] bridge_slave_1: left promiscuous mode
[   85.211783][ T5352] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.219313][ T5352] bond0: (slave bond_slave_0): Releasing backup interface
[   85.227412][ T5352] bond0: (slave bond_slave_1): Releasing backup interface
[   85.253136][ T5352] team0: Port device team_slave_0 removed
[   85.261047][ T5352] team0: Port device team_slave_1 removed
[   85.264403][ T5352] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.269323][ T5352] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.274919][ T5352] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.279321][ T5352] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.284981][ T5352] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   85.321627][ T5353] gre1: entered promiscuous mode
[   85.323755][ T5353] gre1: entered allmulticast mode
[   85.334689][ T5353] skbuff: skb_under_panic: text:ffffffff89ec2b07 len:-1825603308 put:-1825603332 head:ffff888042902d80 data:ffff887faf60ad44 tail:0xd8 end:0x180 dev:bond0
[   85.343058][ T5353] ------------[ cut here ]------------
[   85.345424][ T5353] kernel BUG at net/core/skbuff.c:213!
[   85.348635][ T5353] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   85.351323][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.355195][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.359982][ T5353] RIP: 0010:skb_panic+0x157/0x160
[   85.362303][ T5353] Code: c7 60 b0 6f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 4e 6a f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
[   85.370158][ T5353] RSP: 0018:ffffc9000ce26720 EFLAGS: 00010282
[   85.372569][ T5353] RAX: 0000000000000098 RBX: dffffc0000000000 RCX: 428552127db4a800
[   85.375719][ T5353] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   85.378855][ T5353] RBP: 0000000000000180 R08: ffffc9000ce26487 R09: 1ffff920019c4c90
[   85.382149][ T5353] R10: dffffc0000000000 R11: fffff520019c4c91 R12: ffff888038adaa10
[   85.385450][ T5353] R13: ffff888042902d80 R14: ffff887faf60ad44 R15: 00000000000000d8
[   85.388925][ T5353] FS:  00007f3ec40496c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[   85.392738][ T5353] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.395643][ T5353] CR2: 00007ffe5775bd80 CR3: 000000001170b000 CR4: 0000000000352ef0
[   85.399144][ T5353] Call Trace:
[   85.400622][ T5353]  <TASK>
[   85.401977][ T5353]  ? ipgre_header+0x67/0x290
[   85.404035][ T5353]  ? ipgre_header+0x67/0x290
[   85.406012][ T5353]  skb_push+0xc3/0xe0
[   85.407845][ T5353]  ipgre_header+0x67/0x290
[   85.409786][ T5353]  arp_create+0x3fd/0x990
[   85.411656][ T5353]  ? __pfx_arp_create+0x10/0x10
[   85.413796][ T5353]  arp_send+0xa5/0x190
[   85.415527][ T5353]  inetdev_event+0x1156/0x15b0
[   85.417628][ T5353]  ? __pfx_inetdev_event+0x10/0x10
[   85.419784][ T5353]  notifier_call_chain+0x19d/0x3a0
[   85.422074][ T5353]  netif_open+0xfd/0x170
[   85.423928][ T5353]  ? __pfx_netif_open+0x10/0x10
[   85.426043][ T5353]  ? bond_setup_by_slave+0x1c0/0x3d0
[   85.428342][ T5353]  dev_open+0x125/0x260
[   85.430141][ T5353]  bond_enslave+0x6ca/0x3ac0
[   85.432128][ T5353]  ? __alloc_skb+0x198/0x3a0
[   85.434159][ T5353]  ? __pfx_netlink_broadcast_filtered+0x10/0x10
[   85.436829][ T5353]  ? __pfx_bond_enslave+0x10/0x10
[   85.439025][ T5353]  ? __pfx___dev_notify_flags+0x10/0x10
[   85.441459][ T5353]  ? __dev_change_flags+0x507/0x680
[   85.443644][ T5353]  ? mutex_is_locked+0x17/0x50
[   85.445756][ T5353]  do_set_master+0x533/0x6d0
[   85.447820][ T5353]  rtnl_newlink_create+0x677/0xb00
[   85.450105][ T5353]  ? __pfx_rtnl_newlink_create+0x10/0x10
[   85.452621][ T5353]  ? __pfx___mutex_lock+0x10/0x10
[   85.454842][ T5353]  ? ns_capable+0x8a/0xf0
[   85.456818][ T5353]  rtnl_newlink+0x16e7/0x1c90
[   85.458799][ T5353]  ? __pfx_rtnl_newlink+0x10/0x10
[   85.461031][ T5353]  ? do_syscall_64+0xec/0xf80
[   85.463361][ T5353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.466260][ T5353]  ? kasan_quarantine_put+0xbb/0x1f0
[   85.468746][ T5353]  ? lockdep_hardirqs_on+0x7b/0x110
[   85.470972][ T5353]  ? kmem_cache_free+0x197/0x620
[   85.473135][ T5353]  ? nlmon_xmit+0xb0/0x100
[   85.475179][ T5353]  ? __lock_acquire+0x6b6/0x2cf0
[   85.477327][ T5353]  ? __local_bh_enable_ip+0xd0/0x130
[   85.479632][ T5353]  ? lockdep_hardirqs_on+0x7b/0x110
[   85.481928][ T5353]  ? __dev_queue_xmit+0x289/0x31c0
[   85.484110][ T5353]  ? __local_bh_enable_ip+0xd0/0x130
[   85.486284][ T5353]  ? __dev_queue_xmit+0x289/0x31c0
[   85.488370][ T5353]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[   85.490591][ T5353]  ? __pfx_rtnl_newlink+0x10/0x10
[   85.492907][ T5353]  rtnetlink_rcv_msg+0x7cf/0xb70
[   85.495057][ T5353]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[   85.497284][ T5353]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   85.499672][ T5353]  ? ref_tracker_free+0x63a/0x7d0
[   85.501899][ T5353]  ? __asan_memcpy+0x40/0x70
[   85.503921][ T5353]  ? __pfx_ref_tracker_free+0x10/0x10
[   85.506161][ T5353]  ? __skb_clone+0x63/0x7a0
[   85.509445][ T5353]  netlink_rcv_skb+0x208/0x470
[   85.511573][ T5353]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   85.513924][ T5353]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   85.516202][ T5353]  ? netlink_deliver_tap+0x2e/0x1b0
[   85.518448][ T5353]  netlink_unicast+0x82f/0x9e0
[   85.520568][ T5353]  ? __pfx_netlink_unicast+0x10/0x10
[   85.522919][ T5353]  ? __alloc_skb+0x198/0x3a0
[   85.524845][ T5353]  ? netlink_sendmsg+0x642/0xb30
[   85.527029][ T5353]  ? skb_put+0x11b/0x210
[   85.528857][ T5353]  netlink_sendmsg+0x805/0xb30
[   85.530924][ T5353]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.533235][ T5353]  ? aa_sock_msg_perm+0xf1/0x1b0
[   85.535397][ T5353]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   85.537684][ T5353]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.540002][ T5353]  __sock_sendmsg+0x21c/0x270
[   85.542079][ T5353]  ____sys_sendmsg+0x505/0x820
[   85.544168][ T5353]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.546464][ T5353]  ? import_iovec+0x74/0xa0
[   85.548451][ T5353]  ___sys_sendmsg+0x21f/0x2a0
[   85.550486][ T5353]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.552742][ T5353]  ? count_memcg_event_mm+0x21/0x260
[   85.555110][ T5353]  ? __fget_files+0x2a/0x420
[   85.557189][ T5353]  ? __fget_files+0x3a0/0x420
[   85.559191][ T5353]  __x64_sys_sendmsg+0x19b/0x260
[   85.561376][ T5353]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   85.563753][ T5353]  ? do_user_addr_fault+0xc85/0x1380
[   85.566023][ T5353]  do_syscall_64+0xec/0xf80
[   85.568090][ T5353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.570700][ T5353]  ? trace_irq_disable+0x37/0x100
[   85.572857][ T5353]  ? clear_bhb_loop+0x60/0xb0
[   85.574956][ T5353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.577430][ T5353] RIP: 0033:0x7f3ec318f7c9
[   85.579260][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.586987][ T5353] RSP: 002b:00007f3ec4049038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.590350][ T5353] RAX: ffffffffffffffda RBX: 00007f3ec33e6090 RCX: 00007f3ec318f7c9
[   85.593766][ T5353] RDX: 0000000000000800 RSI: 0000200000000280 RDI: 0000000000000007
[   85.597150][ T5353] RBP: 00007f3ec3213f91 R08: 0000000000000000 R09: 0000000000000000
[   85.600519][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.603918][ T5353] R13: 00007f3ec33e6128 R14: 00007f3ec33e6090 R15: 00007ffe5775c538
[   85.607354][ T5353]  </TASK>
[   85.608707][ T5353] Modules linked in:
[   85.611539][ T5353] ---[ end trace 0000000000000000 ]---
[   85.623787][ T5353] RIP: 0010:skb_panic+0x157/0x160
[   85.626259][ T5353] Code: c7 60 b0 6f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 4e 6a f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
[   85.634766][ T5353] RSP: 0018:ffffc9000ce26720 EFLAGS: 00010282
[   85.638145][ T5353] RAX: 0000000000000098 RBX: dffffc0000000000 RCX: 428552127db4a800
[   85.641458][ T5353] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   85.644876][ T5353] RBP: 0000000000000180 R08: ffffc9000ce26487 R09: 1ffff920019c4c90
[   85.649043][ T5353] R10: dffffc0000000000 R11: fffff520019c4c91 R12: ffff888038adaa10
[   85.652250][ T5353] R13: ffff888042902d80 R14: ffff887faf60ad44 R15: 00000000000000d8
[   85.655761][ T5353] FS:  00007f3ec40496c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[   85.660350][ T5353] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.662883][ T5353] CR2: 00007ffe5775bd80 CR3: 000000001170b000 CR4: 0000000000352ef0
[   85.666666][ T5353] Kernel panic - not syncing: Fatal exception
[   85.669576][ T5353] Kernel Offset: disabled
[   85.671498][ T5353] Rebooting in 86400 seconds..