program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0)
chdir(&(0x7f0000000080)='./file0\x00')
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) (async)
chdir(&(0x7f0000000080)='./file0\x00') (async)

[  128.589829][ T5326] Bluetooth: hci0: command tx timeout
[  128.677648][ T5345] bridge_slave_0: left allmulticast mode
[  128.680015][ T5345] bridge_slave_0: left promiscuous mode
[  128.685425][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.694436][ T5345] bridge_slave_1: left allmulticast mode
[  128.696963][ T5345] bridge_slave_1: left promiscuous mode
[  128.699548][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.708198][ T5345] bond0: (slave bond_slave_0): Releasing backup interface
[  128.745365][ T5345] bond0: (slave bond_slave_1): Releasing backup interface
[  128.764552][ T5345] team0: Port device team_slave_0 removed
[  128.772145][ T5345] team0: Port device team_slave_1 removed
[  128.775488][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  128.778802][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_0
[  128.784040][ T5345] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  128.787643][ T5345] batman_adv: batadv0: Removing interface: batadv_slave_1
[  128.793409][ T5345] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  128.832055][ T5345] ip6gre0: entered promiscuous mode
[  128.843497][ T5345] team0: Port device ip6gre0 added
[  128.852656][ T5346] team0: Port device ip6gre0 removed
[  128.860423][ T5346] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  128.883708][  T789] skbuff: skb_under_panic: text:ffffffff8a27e968 len:136 put:40 head:ffff888043291000 data:ffff888043290fe8 tail:0x70 end:0x6c0 dev:team0
[  128.894792][  T789] ------------[ cut here ]------------
[  128.897082][  T789] kernel BUG at net/core/skbuff.c:213!
[  128.899410][  T789] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[  128.902158][  T789] CPU: 0 UID: 0 PID: 789 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) 
[  128.905955][  T789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  128.910458][  T789] Workqueue: mld mld_ifc_work
[  128.912716][  T789] RIP: 0010:skb_panic+0x157/0x160
[  128.914933][  T789] Code: c7 60 ac 6f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 ce 6a f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
[  128.922756][  T789] RSP: 0018:ffffc900029df400 EFLAGS: 00010286
[  128.925496][  T789] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 245fbb3cb142b100
[  128.929075][  T789] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  128.932566][  T789] RBP: 00000000000006c0 R08: ffff88801fc247d3 R09: 1ffff11003f848fa
[  128.935937][  T789] R10: dffffc0000000000 R11: ffffed1003f848fb R12: ffff888011baf3d0
[  128.939364][  T789] R13: ffff888043291000 R14: ffff888043290fe8 R15: 0000000000000070
[  128.942699][  T789] FS:  0000000000000000(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000
[  128.946553][  T789] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  128.949344][  T789] CR2: 00007f1a53609fc8 CR3: 0000000012680000 CR4: 0000000000352ef0
[  128.952691][  T789] Call Trace:
[  128.954183][  T789]  <TASK>
[  128.955410][  T789]  ? ip6gre_header+0xc8/0x790
[  128.957563][  T789]  ? ip6gre_header+0xc8/0x790
[  128.959604][  T789]  skb_push+0xc3/0xe0
[  128.961439][  T789]  ip6gre_header+0xc8/0x790
[  128.963530][  T789]  ? neigh_connected_output+0x1ea/0x460
[  128.965921][  T789]  ? __pfx_ip6gre_header+0x10/0x10
[  128.968218][  T789]  ? neigh_connected_output+0x1ea/0x460
[  128.970637][  T789]  ? read_seqbegin+0xac/0x180
[  128.972760][  T789]  ? neigh_connected_output+0x1ea/0x460
[  128.975235][  T789]  ? lockdep_hardirqs_on+0x7b/0x110
[  128.978466][  T789]  ? __pfx_ip6gre_header+0x10/0x10
[  128.980509][  T789]  neigh_connected_output+0x286/0x460
[  128.982742][  T789]  ip6_finish_output+0x234/0x7d0
[  128.984747][  T789]  ? ip6_output+0x126/0x550
[  128.986787][  T789]  ip6_output+0x340/0x550
[  128.988867][  T789]  NF_HOOK+0x9e/0x380
[  128.990816][  T789]  ? NF_HOOK+0x101/0x380
[  128.992624][  T789]  ? __pfx_NF_HOOK+0x10/0x10
[  128.994653][  T789]  ? __pfx_dst_output+0x10/0x10
[  128.996612][  T789]  ? lockdep_hardirqs_on+0x7b/0x110
[  128.998859][  T789]  ? __local_bh_enable_ip+0xd0/0x130
[  129.001234][  T789]  ? icmp6_dst_alloc+0x3a5/0x420
[  129.003332][  T789]  mld_sendpack+0x8d4/0xe60
[  129.005245][  T789]  ? mld_sendpack+0x1e7/0xe60
[  129.007210][  T789]  ? __pfx_mld_sendpack+0x10/0x10
[  129.009303][  T789]  mld_ifc_work+0x83e/0xd60
[  129.011346][  T789]  ? process_scheduled_works+0x9ef/0x1770
[  129.013848][  T789]  process_scheduled_works+0xad1/0x1770
[  129.016622][  T789]  ? __pfx_process_scheduled_works+0x10/0x10
[  129.019327][  T789]  ? do_raw_spin_lock+0x121/0x290
[  129.021518][  T789]  worker_thread+0x8a0/0xda0
[  129.023273][  T789]  kthread+0x711/0x8a0
[  129.024893][  T789]  ? __pfx_worker_thread+0x10/0x10
[  129.026922][  T789]  ? __pfx_kthread+0x10/0x10
[  129.028788][  T789]  ? _raw_spin_unlock_irq+0x23/0x50
[  129.030842][  T789]  ? __pfx_kthread+0x10/0x10
[  129.032689][  T789]  ret_from_fork+0x510/0xa50
[  129.034514][  T789]  ? __pfx_ret_from_fork+0x10/0x10
[  129.036387][  T789]  ? __switch_to+0xc9e/0x1480
[  129.038372][  T789]  ? __pfx_kthread+0x10/0x10
[  129.040279][  T789]  ret_from_fork_asm+0x1a/0x30
[  129.042263][  T789]  </TASK>
[  129.043589][  T789] Modules linked in:
[  129.045748][  T789] ---[ end trace 0000000000000000 ]---
[  129.048349][ T5345] team0: Port device ip6gre0 added
[  129.070180][  T789] RIP: 0010:skb_panic+0x157/0x160
[  129.072962][  T789] Code: c7 60 ac 6f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 ce 6a f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90