program:
# Syzkaller reproducer followed by the kernel console log it produced.
# Triage summary, from the log on this page: task T5368 (syz.0.0) hits a
# WARNING at drivers/net/netdevsim/fib.c:831 in nsim_fib_event_nb, reached via
# sendmsg -> rtnetlink_rcv_msg -> inet6_rtm_newroute ->
# call_fib6_multipath_entry_notifiers. The machine then panics only because
# panic_on_warn is set.
#
# Netlink socket: domain 0x10 is AF_NETLINK; type 0x803 is SOCK_RAW (0x3) | SOCK_NONBLOCK (0x800).
socket(0x10, 0x803, 0x0)
# fd argument is 0xffffffffffffffff (-1), not a valid descriptor, so this call is expected to fail.
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
# Bluetooth socket (domain 0x1f is AF_BLUETOOTH). The "hci0: command tx timeout"
# log line comes from a different task (T5342); presumably unrelated to the warning.
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
# comedi device open and ioctls. No comedi frame appears in the call trace,
# so these calls are presumably not needed to reach the warning (verify by minimizing).
r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000300)={'pcl711\x00', [0x2f00, 0x5, 0xd09a, 0x3b, 0x3, 0xfffffffe, 0x20000004, 0x6, 0xffe, 0x9, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x100006, 0x5, 0xa, 0x830, 0x30000, 0x10000, 0x9, 0x800, 0xe2df, 0x2, 0x8001, 0x7, 0x3, 0x4, 0x5, 0x470f]})
ioctl$COMEDI_INSN(r1, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x4})
socket$nl_generic(0x10, 0x3, 0x10)
socket$rds(0x15, 0x5, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
# r3 is spliced into the route message below through @ANYRES32.
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
# Route message sent on r2. Decoding the blob as a little-endian nlmsghdr:
# length 0x4c, type 0x18 (RTM_NEWROUTE), flags 0x0801, so neither NLM_F_CREATE
# (0x400) nor NLM_F_REPLACE (0x100) is set; this matches the "IPv6: RTM_NEWROUTE
# with no NLM_F_CREATE or NLM_F_REPLACE" lines logged by T5368. The rtmsg family
# byte is 0x0a (AF_INET6) and the last attribute has type 9 (RTA_MULTIPATH),
# consistent with the call_fib6_multipath_entry_notifiers frame in the trace.
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x11, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a603f00000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r3], 0x4c}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
# Second netlink message, 0x39 bytes, header type 0x13 (RTM_SETLINK).
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x39}], 0x1)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
# Kernel console output follows; it is unchanged.
[ 85.453074][ T5342] Bluetooth: hci0: command tx timeout [ 85.495386][ T5368] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 85.500015][ T5368] IPv6: NLM_F_CREATE should be set when creating new route [ 85.510968][ T5368] IPv6: NLM_F_CREATE should be set when creating new route [ 85.530089][ T5368] ------------[ cut here ]------------ [ 85.532406][ T5368] WARNING: CPU: 0 PID: 5368 at drivers/net/netdevsim/fib.c:831 nsim_fib_event_nb+0xed8/0x1080 [ 85.537035][ T5368] Modules linked in: [ 85.538699][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.542801][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 
1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.548094][ T5368] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080 [ 85.550547][ T5368] Code: fa be 02 00 00 00 eb 0a e8 35 2b a6 fa be 01 00 00 00 4c 89 f7 e8 f8 88 b0 fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 19 2b a6 fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35 [ 85.558716][ T5368] RSP: 0018:ffffc9000d317008 EFLAGS: 00010283 [ 85.561430][ T5368] RAX: ffffffff87199f87 RBX: 0000000000000001 RCX: 0000000000100000 [ 85.565098][ T5368] RDX: ffffc9000e1e2000 RSI: 000000000000135a RDI: 000000000000135b [ 85.568274][ T5368] RBP: dffffc0000000000 R08: ffff888011f6dc2f R09: 1ffff110023edb85 [ 85.571499][ T5368] R10: dffffc0000000000 R11: ffffed10023edb86 R12: ffff88803f02e000 [ 85.575402][ T5368] R13: ffffc9000d317180 R14: 0000000000000000 R15: ffffc9000d317198 [ 85.579201][ T5368] FS: 00007f996c8256c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 85.582909][ T5368] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.585691][ T5368] CR2: 00007f996bbb8558 CR3: 0000000042a8d000 CR4: 0000000000352ef0 [ 85.589573][ T5368] Call Trace: [ 85.591056][ T5368] [ 85.592332][ T5368] notifier_call_chain+0x1b6/0x3e0 [ 85.594805][ T5368] ? atomic_notifier_call_chain+0x26/0x180 [ 85.597193][ T5368] atomic_notifier_call_chain+0xda/0x180 [ 85.599687][ T5368] call_fib_notifiers+0x31/0x60 [ 85.601726][ T5368] call_fib6_multipath_entry_notifiers+0xe6/0x150 [ 85.604548][ T5368] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10 [ 85.607374][ T5368] ? inet6_rtm_newroute+0xe8b/0x18c0 [ 85.609523][ T5368] inet6_rtm_newroute+0x12f5/0x18c0 [ 85.611626][ T5368] ? nlmon_xmit+0xb0/0x100 [ 85.613662][ T5368] ? kmem_cache_free+0x18f/0x400 [ 85.615738][ T5368] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 85.617990][ T5368] ? __local_bh_enable_ip+0x12d/0x1c0 [ 85.620180][ T5368] ? __dev_queue_xmit+0x27b/0x3b50 [ 85.622213][ T5368] ? __dev_queue_xmit+0x1d79/0x3b50 [ 85.624358][ T5368] ? 
__pfx_inet6_rtm_newroute+0x10/0x10 [ 85.626707][ T5368] rtnetlink_rcv_msg+0x7cc/0xb70 [ 85.628695][ T5368] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 85.630732][ T5368] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 85.633222][ T5368] ? ref_tracker_free+0x63a/0x7d0 [ 85.635410][ T5368] ? __asan_memcpy+0x40/0x70 [ 85.637487][ T5368] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.639864][ T5368] ? __skb_clone+0x63/0x7a0 [ 85.642021][ T5368] netlink_rcv_skb+0x208/0x470 [ 85.644208][ T5368] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 85.646533][ T5368] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.648757][ T5368] ? netlink_deliver_tap+0x2e/0x1b0 [ 85.650917][ T5368] netlink_unicast+0x82f/0x9e0 [ 85.652972][ T5368] ? __pfx_netlink_unicast+0x10/0x10 [ 85.655193][ T5368] ? netlink_sendmsg+0x642/0xb30 [ 85.657075][ T5368] ? skb_put+0x11b/0x210 [ 85.658831][ T5368] netlink_sendmsg+0x805/0xb30 [ 85.660906][ T5368] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.663173][ T5368] ? aa_sock_msg_perm+0xf1/0x1d0 [ 85.665262][ T5368] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.667436][ T5368] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.669624][ T5368] __sock_sendmsg+0x219/0x270 [ 85.671639][ T5368] ____sys_sendmsg+0x505/0x830 [ 85.673864][ T5368] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.676274][ T5368] ? import_iovec+0x74/0xa0 [ 85.678179][ T5368] ___sys_sendmsg+0x21f/0x2a0 [ 85.680077][ T5368] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.682292][ T5368] ? __fget_files+0x2a/0x420 [ 85.684283][ T5368] ? __fget_files+0x3a0/0x420 [ 85.686385][ T5368] __x64_sys_sendmsg+0x19b/0x260 [ 85.688492][ T5368] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.691046][ T5368] ? rcu_is_watching+0x15/0xb0 [ 85.693347][ T5368] ? do_syscall_64+0xbe/0x3b0 [ 85.695373][ T5368] do_syscall_64+0xfa/0x3b0 [ 85.697333][ T5368] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.699583][ T5368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.702222][ T5368] ? 
clear_bhb_loop+0x60/0xb0 [ 85.704351][ T5368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.707113][ T5368] RIP: 0033:0x7f996b98eec9 [ 85.709119][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.717702][ T5368] RSP: 002b:00007f996c825038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.721171][ T5368] RAX: ffffffffffffffda RBX: 00007f996bbe5fa0 RCX: 00007f996b98eec9 [ 85.724274][ T5368] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000009 [ 85.727459][ T5368] RBP: 00007f996ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.730933][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.734279][ T5368] R13: 00007f996bbe6038 R14: 00007f996bbe5fa0 R15: 00007fffe0193218 [ 85.737450][ T5368] [ 85.738847][ T5368] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.742096][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.746040][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.750338][ T5368] Call Trace: [ 85.751764][ T5368] [ 85.753065][ T5368] dump_stack_lvl+0x99/0x250 [ 85.754951][ T5368] ? __asan_memcpy+0x40/0x70 [ 85.756875][ T5368] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.759119][ T5368] ? __pfx__printk+0x10/0x10 [ 85.760830][ T5368] vpanic+0x281/0x750 [ 85.762567][ T5368] ? __pfx__printk+0x10/0x10 [ 85.764589][ T5368] ? __pfx_vpanic+0x10/0x10 [ 85.766556][ T5368] ? is_bpf_text_address+0x26/0x2b0 [ 85.768798][ T5368] panic+0xb9/0xc0 [ 85.770328][ T5368] ? __pfx_panic+0x10/0x10 [ 85.772186][ T5368] __warn+0x31b/0x4b0 [ 85.773792][ T5368] ? nsim_fib_event_nb+0xed8/0x1080 [ 85.776086][ T5368] ? nsim_fib_event_nb+0xed8/0x1080 [ 85.778319][ T5368] report_bug+0x2be/0x4f0 [ 85.780271][ T5368] ? nsim_fib_event_nb+0xed8/0x1080 [ 85.782671][ T5368] ? 
nsim_fib_event_nb+0xed8/0x1080 [ 85.784869][ T5368] ? nsim_fib_event_nb+0xeda/0x1080 [ 85.787021][ T5368] handle_bug+0x84/0x160 [ 85.788868][ T5368] exc_invalid_op+0x1a/0x50 [ 85.790744][ T5368] asm_exc_invalid_op+0x1a/0x20 [ 85.792854][ T5368] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080 [ 85.795339][ T5368] Code: fa be 02 00 00 00 eb 0a e8 35 2b a6 fa be 01 00 00 00 4c 89 f7 e8 f8 88 b0 fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 19 2b a6 fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35 [ 85.803075][ T5368] RSP: 0018:ffffc9000d317008 EFLAGS: 00010283 [ 85.805741][ T5368] RAX: ffffffff87199f87 RBX: 0000000000000001 RCX: 0000000000100000 [ 85.809014][ T5368] RDX: ffffc9000e1e2000 RSI: 000000000000135a RDI: 000000000000135b [ 85.812293][ T5368] RBP: dffffc0000000000 R08: ffff888011f6dc2f R09: 1ffff110023edb85 [ 85.815702][ T5368] R10: dffffc0000000000 R11: ffffed10023edb86 R12: ffff88803f02e000 [ 85.818972][ T5368] R13: ffffc9000d317180 R14: 0000000000000000 R15: ffffc9000d317198 [ 85.822348][ T5368] ? nsim_fib_event_nb+0xed7/0x1080 [ 85.824375][ T5368] ? nsim_fib_event_nb+0xed7/0x1080 [ 85.826555][ T5368] notifier_call_chain+0x1b6/0x3e0 [ 85.828637][ T5368] ? atomic_notifier_call_chain+0x26/0x180 [ 85.831101][ T5368] atomic_notifier_call_chain+0xda/0x180 [ 85.833360][ T5368] call_fib_notifiers+0x31/0x60 [ 85.835456][ T5368] call_fib6_multipath_entry_notifiers+0xe6/0x150 [ 85.837983][ T5368] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10 [ 85.840837][ T5368] ? inet6_rtm_newroute+0xe8b/0x18c0 [ 85.842962][ T5368] inet6_rtm_newroute+0x12f5/0x18c0 [ 85.845193][ T5368] ? nlmon_xmit+0xb0/0x100 [ 85.847026][ T5368] ? kmem_cache_free+0x18f/0x400 [ 85.849092][ T5368] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 85.851432][ T5368] ? __local_bh_enable_ip+0x12d/0x1c0 [ 85.853766][ T5368] ? __dev_queue_xmit+0x27b/0x3b50 [ 85.855836][ T5368] ? __dev_queue_xmit+0x1d79/0x3b50 [ 85.858004][ T5368] ? 
__pfx_inet6_rtm_newroute+0x10/0x10 [ 85.860173][ T5368] rtnetlink_rcv_msg+0x7cc/0xb70 [ 85.862192][ T5368] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 85.864260][ T5368] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 85.866350][ T5368] ? ref_tracker_free+0x63a/0x7d0 [ 85.868454][ T5368] ? __asan_memcpy+0x40/0x70 [ 85.870357][ T5368] ? __pfx_ref_tracker_free+0x10/0x10 [ 85.872683][ T5368] ? __skb_clone+0x63/0x7a0 [ 85.874601][ T5368] netlink_rcv_skb+0x208/0x470 [ 85.876711][ T5368] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 85.878932][ T5368] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 85.881010][ T5368] ? netlink_deliver_tap+0x2e/0x1b0 [ 85.882956][ T5368] netlink_unicast+0x82f/0x9e0 [ 85.884971][ T5368] ? __pfx_netlink_unicast+0x10/0x10 [ 85.887086][ T5368] ? netlink_sendmsg+0x642/0xb30 [ 85.889115][ T5368] ? skb_put+0x11b/0x210 [ 85.890608][ T5368] netlink_sendmsg+0x805/0xb30 [ 85.892713][ T5368] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.895138][ T5368] ? aa_sock_msg_perm+0xf1/0x1d0 [ 85.897736][ T5368] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.900509][ T5368] ? __pfx_netlink_sendmsg+0x10/0x10 [ 85.903186][ T5368] __sock_sendmsg+0x219/0x270 [ 85.905643][ T5368] ____sys_sendmsg+0x505/0x830 [ 85.908123][ T5368] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.910881][ T5368] ? import_iovec+0x74/0xa0 [ 85.912968][ T5368] ___sys_sendmsg+0x21f/0x2a0 [ 85.914922][ T5368] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.917058][ T5368] ? __fget_files+0x2a/0x420 [ 85.918890][ T5368] ? __fget_files+0x3a0/0x420 [ 85.920817][ T5368] __x64_sys_sendmsg+0x19b/0x260 [ 85.922714][ T5368] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.924863][ T5368] ? rcu_is_watching+0x15/0xb0 [ 85.926761][ T5368] ? do_syscall_64+0xbe/0x3b0 [ 85.928756][ T5368] do_syscall_64+0xfa/0x3b0 [ 85.930601][ T5368] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.932638][ T5368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.934943][ T5368] ? 
clear_bhb_loop+0x60/0xb0 [ 85.936952][ T5368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.939319][ T5368] RIP: 0033:0x7f996b98eec9 [ 85.941178][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.948570][ T5368] RSP: 002b:00007f996c825038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.951886][ T5368] RAX: ffffffffffffffda RBX: 00007f996bbe5fa0 RCX: 00007f996b98eec9 [ 85.955054][ T5368] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000009 [ 85.958165][ T5368] RBP: 00007f996ba11f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.961446][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.964695][ T5368] R13: 00007f996bbe6038 R14: 00007f996bbe5fa0 R15: 00007fffe0193218 [ 85.967952][ T5368] [ 85.969493][ T5368] Kernel Offset: disabled [ 85.971144][ T5368] Rebooting in 86400 seconds..