program:
# Reproducer in syzkaller program notation for the find_match() null-pointer
# dereference reported in the kernel log that follows. Calls tagged (async)
# are not waited on before the next call is issued, so the order in which the
# netlink requests take effect can differ between runs.
# NOTE(review): this log does not establish which requests are necessary for
# the crash; the per-call notes only decode what the arguments show.
#
# rtnetlink socket: 0x10 / 0x3 / 0x0 are AF_NETLINK / SOCK_RAW / NETLINK_ROUTE.
r0 = socket$nl_route(0x10, 0x3, 0x0)
# Message type 0x68 (RTM_NEWNEXTHOP), total length 0x1c. The only attribute is
# NHA_BLACKHOLE; no NHA_ID attribute is present in this request.
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) (async)
# Opens the current directory (0xffffffffffffff9c is AT_FDCWD).
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) (async)
# fanotify group plus a mark on the directory opened above. No fanotify
# function appears in the call trace below, so these calls look incidental to
# the crash - TODO confirm by minimizing the reproducer.
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) (async)
# dup2 makes descriptor number r1 refer to the fanotify object; r3 is that number.
r3 = dup2(r2, r1)
# 0x541b is FIONREAD. The call variant is named for SCTP sockets, but r3 is
# the fanotify descriptor, not a socket.
ioctl$sock_inet_sctp_SIOCINQ(r3, 0x541b, &(0x7f0000000140)) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
# RTM_NEWNEXTHOP (0x68) carrying NHA_GROUP with one entry {0x1, 0x4};
# presumably nexthop id 1 with weight 4 - verify against struct nexthop_grp.
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
# Raw blob: nlmsg_len 0x30, nlmsg_type 0x18 (RTM_NEWROUTE), family byte 0x0a
# (AF_INET6), then one attribute of length 8 and type 0x1e (RTA_NH_ID) whose
# first value byte is 0x02. The declared 0x30 bytes exceed header (16) +
# rtmsg (12) + that attribute (8) by 12, which is consistent with the
# "12 bytes leftover" netlink message in the log below.
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000001800dd8d00000000000000000a000000000000060000000008001e0002"], 0x30}}, 0x4090) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
# RTM_NEWNEXTHOP (0x68) with NHA_FDB and NHA_ID = 1, i.e. an FDB-type nexthop
# request for the same id the group entry above appears to reference.
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_FDB={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)
# Kernel console output starts here. Triage summary of the log that follows:
#  - KASAN reports a null-ptr-deref in the range 0xc0-0xc7 at find_match+0xa3
#    (RBX = 0xc0), which suggests a field read through a NULL base pointer.
#  - The faulting path is an IPv6 route lookup reached from the mld_ifc_work
#    workqueue item via geneve_xmit: fib6_table_lookup -> __find_rr_leaf ->
#    nexthop_for_each_fib6_nh -> rt6_nh_find_match -> find_match.
#  - The log ends in "Kernel panic - not syncing", so the observed impact is
#    loss of availability of the host.
#  - The reproducer ran as UID 0. rtnetlink write requests normally need
#    CAP_NET_ADMIN in the socket's network namespace; whether unprivileged
#    user namespaces make this path reachable on a given system should be
#    checked when assessing exposure.
[ 89.178322][ T5328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'. 
[ 89.185908][ T5305] Bluetooth: hci0: command tx timeout [ 89.237202][ T9] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000018: 0000 [#1] SMP KASAN NOPTI [ 89.243314][ T9] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 89.246945][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 89.251114][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.255934][ T9] Workqueue: mld mld_ifc_work [ 89.258272][ T9] RIP: 0010:find_match+0xa3/0xc90 [ 89.261049][ T9] Code: 00 00 00 00 00 fc ff df 42 80 7c 25 00 00 74 08 48 89 df e8 0f 0f 06 f8 48 89 d8 bb c0 00 00 00 48 03 18 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 ee 0e 06 f8 48 8b 1b e8 56 48 48 [ 89.270114][ T9] RSP: 0018:ffffc900001b6610 EFLAGS: 00010206 [ 89.272876][ T9] RAX: 0000000000000018 RBX: 00000000000000c0 RCX: 0000000000000000 [ 89.277380][ T9] RDX: ffff88801c2fc880 RSI: 0000000000000000 RDI: 0000000000000000 [ 89.282099][ T9] RBP: 1ffff11006af3504 R08: ffffc900001b69a0 R09: ffffc900001b69b0 [ 89.285500][ T9] R10: ffffc900001b6800 R11: ffffffff8a1dc560 R12: dffffc0000000000 [ 89.288859][ T9] R13: 0000000000000002 R14: 1ffff11006af3506 R15: ffff88803579a837 [ 89.292506][ T9] FS: 0000000000000000(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000 [ 89.297455][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.300825][ T9] CR2: 00007f371f574fc8 CR3: 000000003e63a000 CR4: 0000000000352ef0 [ 89.304766][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.308226][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.311679][ T9] Call Trace: [ 89.313245][ T9] [ 89.314544][ T9] rt6_nh_find_match+0xd9/0x150 [ 89.316927][ T9] nexthop_for_each_fib6_nh+0x1cd/0x400 [ 89.320353][ T9] ? __pfx_rt6_nh_find_match+0x10/0x10 [ 89.323655][ T9] __find_rr_leaf+0x461/0x6d0 [ 89.325749][ T9] ? 
__pfx___find_rr_leaf+0x10/0x10 [ 89.328014][ T9] fib6_table_lookup+0x39f/0xa80 [ 89.330244][ T9] ? __pfx_fib6_table_lookup+0x10/0x10 [ 89.332682][ T9] ? ip6_pol_route+0x162/0x1180 [ 89.334751][ T9] ip6_pol_route+0x222/0x1180 [ 89.337039][ T9] ? __pfx_ip6_pol_route+0x10/0x10 [ 89.339722][ T9] ? unwind_next_frame+0xa5/0x2390 [ 89.342592][ T9] fib6_rule_lookup+0x348/0x6f0 [ 89.345129][ T9] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 89.347613][ T9] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 89.349945][ T9] ? ip6_route_output_flags+0x2e/0x5d0 [ 89.352561][ T9] ? ip6_route_output_flags+0x2e/0x5d0 [ 89.354937][ T9] ip6_route_output_flags+0x364/0x5d0 [ 89.357421][ T9] ? ip6_route_output_flags+0x2e/0x5d0 [ 89.360281][ T9] ip6_dst_lookup_tail+0x1ae/0x1510 [ 89.363199][ T9] ? __dev_queue_xmit+0x1adf/0x3a70 [ 89.365580][ T9] ? ip6_finish_output2+0x11bc/0x16a0 [ 89.367840][ T9] ? ip6_finish_output+0x234/0x7d0 [ 89.370333][ T9] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 89.373615][ T9] ? __siphash_unaligned+0x263/0x3b0 [ 89.376823][ T9] ip6_dst_lookup_flow+0x47/0xe0 [ 89.379309][ T9] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 89.381877][ T9] udp_tunnel6_dst_lookup+0x231/0x3c0 [ 89.384214][ T9] ? __pfx_udp_tunnel6_dst_lookup+0x10/0x10 [ 89.386678][ T9] ? geneve_get_dsfield+0xec/0x680 [ 89.388924][ T9] ? __pfx_geneve_get_dsfield+0x10/0x10 [ 89.391643][ T9] ? macsec_start_xmit+0x706/0x3230 [ 89.394267][ T9] geneve_xmit+0xd2e/0x2b70 [ 89.396261][ T9] ? validate_xmit_xfrm+0xbf/0x1130 [ 89.398594][ T9] ? __pfx_skb_network_protocol+0x10/0x10 [ 89.401229][ T9] ? geneve_xmit+0x128/0x2b70 [ 89.403636][ T9] ? __pfx_validate_xmit_xfrm+0x10/0x10 [ 89.406563][ T9] ? __pfx_geneve_xmit+0x10/0x10 [ 89.409705][ T9] dev_hard_start_xmit+0x2d4/0x830 [ 89.412407][ T9] __dev_queue_xmit+0x1adf/0x3a70 [ 89.414742][ T9] ? __dev_queue_xmit+0x27e/0x3a70 [ 89.417063][ T9] ? fib_rules_lookup+0x96/0xe90 [ 89.419264][ T9] ? __pfx_fib_rules_lookup+0x10/0x10 [ 89.421705][ T9] ? 
__pfx___dev_queue_xmit+0x10/0x10 [ 89.424768][ T9] ? l3mdev_update_flow+0x4d1/0x640 [ 89.427983][ T9] ? look_up_lock_class+0x74/0x170 [ 89.430602][ T9] ? register_lock_class+0x51/0x320 [ 89.432933][ T9] ? __lock_acquire+0xab9/0xd20 [ 89.435101][ T9] ? ip6_finish_output+0x234/0x7d0 [ 89.437417][ T9] ? ip6_finish_output2+0xf99/0x16a0 [ 89.439736][ T9] ip6_finish_output2+0x11bc/0x16a0 [ 89.442211][ T9] ? ip6_finish_output2+0x701/0x16a0 [ 89.444959][ T9] ? __pfx_ip6_finish_output2+0x10/0x10 [ 89.448006][ T9] ? ip6_mtu+0x7d/0x3f0 [ 89.449920][ T9] ? ip6_mtu+0x7d/0x3f0 [ 89.451776][ T9] ip6_finish_output+0x234/0x7d0 [ 89.453952][ T9] NF_HOOK+0x9e/0x380 [ 89.455990][ T9] ? NF_HOOK+0x101/0x380 [ 89.458288][ T9] ? __pfx_NF_HOOK+0x10/0x10 [ 89.460838][ T9] ? __pfx_dst_output+0x10/0x10 [ 89.463029][ T9] ? icmp6_dst_alloc+0x3a5/0x420 [ 89.465162][ T9] ? icmp6_dst_alloc+0x3a5/0x420 [ 89.467323][ T9] mld_sendpack+0x800/0xd80 [ 89.469062][ T9] ? mld_sendpack+0x1de/0xd80 [ 89.470924][ T9] ? __pfx_mld_sendpack+0x10/0x10 [ 89.473185][ T9] mld_ifc_work+0x835/0xde0 [ 89.475406][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 89.478356][ T9] ? process_scheduled_works+0x9ef/0x17b0 [ 89.481097][ T9] process_scheduled_works+0xae1/0x17b0 [ 89.483286][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 89.485756][ T9] worker_thread+0x8a0/0xda0 [ 89.487801][ T9] kthread+0x70e/0x8a0 [ 89.489870][ T9] ? __pfx_worker_thread+0x10/0x10 [ 89.492668][ T9] ? __pfx_kthread+0x10/0x10 [ 89.494971][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 89.497396][ T9] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.499676][ T9] ? __pfx_kthread+0x10/0x10 [ 89.501656][ T9] ret_from_fork+0x3fc/0x770 [ 89.503656][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 89.506040][ T9] ? 
__pfx_kthread+0x10/0x10 [ 89.508685][ T9] ret_from_fork_asm+0x1a/0x30 [ 89.511182][ T9] [ 89.512728][ T9] Modules linked in: [ 89.514664][ T9] ---[ end trace 0000000000000000 ]--- [ 89.516941][ T9] RIP: 0010:find_match+0xa3/0xc90 [ 89.519155][ T9] Code: 00 00 00 00 00 fc ff df 42 80 7c 25 00 00 74 08 48 89 df e8 0f 0f 06 f8 48 89 d8 bb c0 00 00 00 48 03 18 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 ee 0e 06 f8 48 8b 1b e8 56 48 48 [ 89.528298][ T9] RSP: 0018:ffffc900001b6610 EFLAGS: 00010206 [ 89.531786][ T9] RAX: 0000000000000018 RBX: 00000000000000c0 RCX: 0000000000000000 [ 89.535316][ T9] RDX: ffff88801c2fc880 RSI: 0000000000000000 RDI: 0000000000000000 [ 89.538620][ T9] RBP: 1ffff11006af3504 R08: ffffc900001b69a0 R09: ffffc900001b69b0 [ 89.542140][ T9] R10: ffffc900001b6800 R11: ffffffff8a1dc560 R12: dffffc0000000000 [ 89.545805][ T9] R13: 0000000000000002 R14: 1ffff11006af3506 R15: ffff88803579a837 [ 89.551071][ T9] FS: 0000000000000000(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000 [ 89.555802][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.558691][ T9] CR2: 00007f371f574fc8 CR3: 000000003e63a000 CR4: 0000000000352ef0 [ 89.562257][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.565882][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.569122][ T9] Kernel panic - not syncing: Fatal exception in interrupt [ 89.573603][ T9] Kernel Offset: disabled [ 89.576162][ T9] Rebooting in 86400 seconds..