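program:
# syzkaller reproducer program, reflowed to one call per line (the page had
# collapsed it onto a single line). rN names a resource produced by an earlier
# call. The four `<rN=>` output markers below (r5, r6, r8, r11) are restored:
# the page had dropped them, most likely stripped as markup, which left those
# resources used but never defined.

# Netlink sockets (family 0x10) and an initial netfilter-accounting request.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18000000020701010000000000000000050000335e4165214804047e1c807d9344c353728fd80d1b4291c3c90a1a3ed2f3686c76"], 0x18}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
bind$netlink(r2, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)

# cgroup, SCTP, AIO, file and BPF calls. NOTE(review): nothing in the console
# log below mentions these subsystems, so they look like fuzzer noise rather
# than part of the crash path; a minimized reproducer would confirm.
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000340)=@assoc_value, &(0x7f0000000280)=0x8)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0)
# r5: AIO context written back through the pointer argument.
io_setup(0x8, &(0x7f0000000080)=<r5=>0x0)
# r6: value written back by FIOGETOWN; reused as the first field of the bpf query.
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)=<r6=>0x0)
r7 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
unlinkat(r7, &(0x7f0000000000)='./file1\x00', 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r6, r7, 0x0, 0x2, &(0x7f0000000140)='$\x00'}, 0x30)
io_submit(r5, 0x1, &(0x7f0000000880)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x7d88, r4, &(0x7f00000000c0)="09cd4be9", 0x4, 0x5}])

# r8: third field of the returned packet socket address, spliced into the raw
# rtnetlink message that follows. That blob contains the bytes 626f6e64
# (ASCII "bond"); the log subsequently mentions a device named bond1.
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010000d042abd70f8ffffffffffffff00", @ANYRES32=r8, @ANYBLOB="01000000000000002400128009000100626f6e640000000014000280050001000400000005000e0003"], 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', &(0x7f0000000380)={0x100, 0xc4, 0x8}, 0x18)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
# r11: interface index of 'team0', written back into the ifreq by SIOCGIFINDEX.
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000000)={'team0\x00', <r11=>0x0})
r12 = socket$nl_route(0x10, 0x3, 0x0)
# Raw rtnetlink blob; the page does not decode it.
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
# Link request naming 'gre0' with IFLA_MASTER set to r11 (team0). The log later
# prints "team0: Port device gre0 added", and the skb_under_panic report names
# dev:team0 with ipgre_header() calling skb_push().
# NOTE(review): this points at header-room handling for a GRE device placed
# under team0 -- confirm against the upstream fix. Until patched, limiting who
# holds CAP_NET_ADMIN (unprivileged user namespaces included) narrows exposure.
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002}, [@IFLA_IFNAME={0x14, 0x3, 'gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
# socket$kcm here is called with family 0x10, so r13 is another netlink socket;
# the payload is a raw blob the page does not decode.
r13 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r13, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$sock_SIOCBRDELBR(r9, 0x89a2, &(0x7f0000000000)='bridge0\x00')
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)

# Kernel console output captured while the program ran (kept as on the page):
[ 75.386582][ T4666] Bluetooth: hci0: command tx timeout [ 75.439379][ T5317] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 75.470415][ T5317] 8021q: adding VLAN 0 to HW filter on device bond1 [ 75.485669][ T5317] bridge_slave_0: left allmulticast mode [ 75.488460][ T5317] bridge_slave_0: left promiscuous mode [ 75.490903][ T5317] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.499873][ T5317] bridge_slave_1: left allmulticast mode [ 75.502293][ T5317] bridge_slave_1: left promiscuous mode [ 75.507038][ T5317] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.517866][ T5317] bond0: (slave bond_slave_0): Releasing backup interface [ 75.526809][ T5317] bond0: (slave bond_slave_1): Releasing backup interface [ 75.540289][ T5317] team0: Port device team_slave_0 removed [ 75.547536][ T5317] team0: Port device team_slave_1 removed [ 75.550318][ T5317] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.553333][ T5317] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.559171][ T5317] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.563008][ T5317] batman_adv: batadv0: 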
Removing interface: batadv_slave_1 [ 75.570403][ T5317] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 75.594591][ T5317] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 75.625149][ T5311] skbuff: skb_under_panic: text:ffffffff89dad7a7 len:861523604 put:861523508 head:ffff888032a53000 data:ffff887fff4b628c tail:0x120 end:0x6c0 dev:team0 [ 75.632558][ T5311] ------------[ cut here ]------------ [ 75.635667][ T5311] kernel BUG at net/core/skbuff.c:212! [ 75.639583][ T5311] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 75.642511][ T5311] CPU: 0 UID: 0 PID: 5311 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full) [ 75.646362][ T5311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.653877][ T5311] Workqueue: mld mld_ifc_work [ 75.656132][ T5311] RIP: 0010:skb_panic+0x157/0x160 [ 75.658438][ T5311] Code: c7 20 cc 6c 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 fe 97 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 75.666500][ T5311] RSP: 0018:ffffc9000d3af398 EFLAGS: 00010282 [ 75.669076][ T5311] RAX: 0000000000000095 RBX: dffffc0000000000 RCX: c14898c69b180300 [ 75.672448][ T5311] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 75.675528][ T5311] RBP: 00000000000006c0 R08: ffffc9000d3af0a7 R09: 1ffff92001a75e14 [ 75.678874][ T5311] R10: dffffc0000000000 R11: fffff52001a75e15 R12: ffff888042174b50 [ 75.682289][ T5311] R13: ffff888032a53000 R14: ffff887fff4b628c R15: 0000000000000120 [ 75.685632][ T5311] FS: 0000000000000000(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 75.689380][ T5311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.691994][ T5311] CR2: 00007fdebd1d7fc8 CR3: 0000000012252000 CR4: 0000000000352ef0 [ 75.695371][ T5311] Call Trace: [ 75.696971][ 
T5311] <TASK> [ 75.698206][ T5311] ? ipgre_header+0x67/0x290 [ 75.700148][ T5311] ? ipgre_header+0x67/0x290 [ 75.702223][ T5311] skb_push+0xc3/0xe0 [ 75.704043][ T5311] ipgre_header+0x67/0x290 [ 75.705935][ T5311] ? __pfx_ipgre_header+0x10/0x10 [ 75.708119][ T5311] neigh_connected_output+0x286/0x460 [ 75.710395][ T5311] ip6_finish_output2+0xfb3/0x1480 [ 75.712606][ T5311] ? __pfx_ip6_finish_output2+0x10/0x10 [ 75.715141][ T5311] ? ip6_mtu+0x7d/0x490 [ 75.716961][ T5311] ? ip6_mtu+0x7d/0x490 [ 75.718765][ T5311] ip6_finish_output+0x234/0x7d0 [ 75.720848][ T5311] ? ip6_output+0x126/0x550 [ 75.722742][ T5311] ip6_output+0x340/0x550 [ 75.724475][ T5311] NF_HOOK+0x9e/0x380 [ 75.726065][ T5311] ? NF_HOOK+0x101/0x380 [ 75.727960][ T5311] ? __pfx_NF_HOOK+0x10/0x10 [ 75.729850][ T5311] ? __pfx_dst_output+0x10/0x10 [ 75.731912][ T5311] ? icmp6_dst_alloc+0x3a5/0x420 [ 75.734154][ T5311] ? icmp6_dst_alloc+0x3a5/0x420 [ 75.736401][ T5311] mld_sendpack+0x8d4/0xe60 [ 75.738683][ T5311] ? mld_sendpack+0x1e7/0xe60 [ 75.741142][ T5311] ? __pfx_mld_sendpack+0x10/0x10 [ 75.743336][ T5311] mld_ifc_work+0x83e/0xd60 [ 75.745407][ T5311] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.747796][ T5311] ? process_scheduled_works+0x9ef/0x17b0 [ 75.750117][ T5311] process_scheduled_works+0xae1/0x17b0 [ 75.752352][ T5311] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.755005][ T5311] worker_thread+0x8a0/0xda0 [ 75.757102][ T5311] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.759734][ T5311] ? __kthread_parkme+0x7b/0x200 [ 75.761933][ T5311] kthread+0x711/0x8a0 [ 75.763760][ T5311] ? __pfx_worker_thread+0x10/0x10 [ 75.765799][ T5311] ? __pfx_kthread+0x10/0x10 [ 75.767904][ T5311] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.770123][ T5311] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.772284][ T5311] ? __pfx_kthread+0x10/0x10 [ 75.774262][ T5311] ret_from_fork+0x4bc/0x870 [ 75.776299][ T5311] ? __pfx_ret_from_fork+0x10/0x10 [ 75.778662][ T5311] ? 
__pfx_kthread+0x10/0x10 [ 75.780739][ T5311] ret_from_fork_asm+0x1a/0x30 [ 75.783221][ T5311] </TASK> [ 75.784823][ T5311] Modules linked in: [ 75.787277][ T5311] ---[ end trace 0000000000000000 ]--- [ 75.793276][ T5318] team0: Port device gre0 added [ 75.798964][ T5311] RIP: 0010:skb_panic+0x157/0x160 [ 75.801129][ T5311] Code: c7 20 cc 6c 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 fe 97 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 75.809524][ T5311] RSP: 0018:ffffc9000d3af398 EFLAGS: 00010282 [ 75.812338][ T5311] RAX: 0000000000000095 RBX: dffffc0000000000 RCX: c14898c69b180300 [ 75.816231][ T5311] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 75.819694][ T5311] RBP: 00000000000006c0 R08: ffffc9000d3af0a7 R09: 1ffff92001a75e14 [ 75.823227][ T5311] R10: dffffc0000000000 R11: fffff52001a75e15 R12: ffff888042174b50 [ 75.827272][ T5311] R13: ffff888032a53000 R14: ffff887fff4b628c R15: 0000000000000120 [ 75.830932][ T5311] FS: 0000000000000000(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 75.835188][ T5311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.837912][ T5311] CR2: 00007fdebd1d7fc8 CR3: 0000000012252000 CR4: 0000000000352ef0 [ 75.845905][ T5311] Kernel panic - not syncing: Fatal exception [ 75.849226][ T5311] Kernel Offset: disabled [ 75.851152][ T5311] Rebooting in 86400 seconds..