program:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
sendmsg$inet(r7, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x40)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r8, 0xffffffffffffffff, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00000000000000040004"], 0x1c}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000040)={'lo\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@ipv6_newnexthop={0x40, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x2}, @NHA_ENCAP={0x18, 0x8, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14}}, @NHA_OIF={0x8, 0x5, r12}]}, 0x40}}, 0x0)
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000d00)=@ipv4_newroute={0x28, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}, @RTA_METRICS={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4a044}, 0x50)
r14 = socket$nl_route(0x10, 0x3, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
sendmsg$nl_route(r14, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0x5}]}}]}, 0x40}}, 0x0)

[   86.157652][ T5295] Bluetooth: hci0: command tx timeout
[   86.787581][ T1072] BUG: unable to handle page fault for address: ffffed101194b000
[   86.792837][ T1072] #PF: supervisor read access in kernel mode
[   86.797392][ T1072] #PF: error_code(0x0000) - not-present page
[   86.801230][ T1072] PGD 5ffd5067 P4D 5ffd5067 PUD 2fffa067 PMD 0 
[   86.807079][ T1072] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[   86.814839][ T1072] CPU: 0 UID: 0 PID: 1072 Comm: kworker/u4:8 Not tainted syzkaller #0 PREEMPT(full) 
[   86.823361][ T1072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.835453][ T1072] Workqueue: krds_cp_wq#0/0 rds_connect_worker
[   86.841833][ T1072] RIP: 0010:ip_route_output_key_hash_rcu+0x1264/0x25d0
[   86.847672][ T1072] Code: 5a 11 09 49 83 c6 38 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 d9 3c 26 f8 49 03 1e 4d 89 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 bd 3c 26 f8 4c 8b 3b e8 d5 51 a4
[   86.863355][ T1072] RSP: 0018:ffffc900055e7320 EFLAGS: 00010a06
[   86.869667][ T1072] RAX: 1ffff1101194b000 RBX: ffff88808ca58000 RCX: ffff888032f18000
[   86.875143][ T1072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   86.879664][ T1072] RBP: 0000000080000000 R08: ffff888032f18000 R09: 0000000000000003
[   86.884756][ T1072] R10: 0000000000000005 R11: 0000000000000000 R12: dffffc0000000000
[   86.890001][ T1072] R13: 0000000000000000 R14: ffff888038517558 R15: 0000000000000000
[   86.894822][ T1072] FS:  0000000000000000(0000) GS:ffff88808ca58000(0000) knlGS:0000000000000000
[   86.900118][ T1072] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.903394][ T1072] CR2: ffffed101194b000 CR3: 0000000041bb2000 CR4: 0000000000352ef0
[   86.907390][ T1072] Call Trace:
[   86.909253][ T1072]  <TASK>
[   86.911565][ T1072]  ? ip_route_output_key_hash+0xd8/0x2a0
[   86.914866][ T1072]  ip_route_output_key_hash+0x18d/0x2a0
[   86.918136][ T1072]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[   86.923609][ T1072]  ip_route_output_flow+0x2a/0x150
[   86.927273][ T1072]  ? security_sk_classify_flow+0x6d/0x150
[   86.930892][ T1072]  tcp_v4_connect+0x81e/0x1a90
[   86.933323][ T1072]  ? __pfx_tcp_v4_connect+0x10/0x10
[   86.936579][ T1072]  __inet_stream_connect+0x26b/0xea0
[   86.939781][ T1072]  ? do_raw_spin_lock+0x12b/0x2f0
[   86.943242][ T1072]  ? __pfx___inet_stream_connect+0x10/0x10
[   86.951556][ T1072]  ? inet_stream_connect+0x51/0xa0
[   86.954180][ T1072]  ? __local_bh_enable_ip+0xd0/0x130
[   86.956906][ T1072]  inet_stream_connect+0x66/0xa0
[   86.960026][ T1072]  kernel_connect+0x141/0x1c0
[   86.965595][ T1072]  ? __pfx_kernel_connect+0x10/0x10
[   86.970751][ T1072]  ? __local_bh_enable_ip+0xd0/0x130
[   86.974012][ T1072]  rds_tcp_conn_path_connect+0x6f6/0x930
[   86.976714][ T1072]  ? __pfx_rds_tcp_conn_path_connect+0x10/0x10
[   86.979910][ T1072]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   86.983293][ T1072]  rds_connect_worker+0x1d8/0x290
[   86.986726][ T1072]  ? process_scheduled_works+0xa25/0x1830
[   87.013249][ T1072]  process_scheduled_works+0xb02/0x1830
[   87.017081][ T1072]  ? __pfx_process_scheduled_works+0x10/0x10
[   87.022813][ T1072]  ? assign_work+0x3d5/0x5e0
[   87.027116][ T1072]  worker_thread+0xa50/0xfc0
[   87.037959][ T1072]  kthread+0x388/0x470
[   87.041347][ T1072]  ? __pfx_worker_thread+0x10/0x10
[   87.061017][ T1072]  ? __pfx_kthread+0x10/0x10
[   87.067853][ T1072]  ret_from_fork+0x51e/0xb90
[   87.070617][ T1072]  ? __pfx_ret_from_fork+0x10/0x10
[   87.074608][ T1072]  ? __switch_to+0xc7d/0x1450
[   87.078355][ T1072]  ? __pfx_kthread+0x10/0x10
[   87.084549][ T1072]  ret_from_fork_asm+0x1a/0x30
[   87.092972][ T1072]  </TASK>
[   87.095142][ T1072] Modules linked in:
[   87.097910][ T1072] CR2: ffffed101194b000
[   87.100461][ T1072] ---[ end trace 0000000000000000 ]---
[   87.107360][ T1072] RIP: 0010:ip_route_output_key_hash_rcu+0x1264/0x25d0
[   87.110976][ T1072] Code: 5a 11 09 49 83 c6 38 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 d9 3c 26 f8 49 03 1e 4d 89 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 bd 3c 26 f8 4c 8b 3b e8 d5 51 a4
[   87.128999][ T1072] RSP: 0018:ffffc900055e7320 EFLAGS: 00010a06
[   87.132763][ T1072] RAX: 1ffff1101194b000 RBX: ffff88808ca58000 RCX: ffff888032f18000
[   87.139494][ T1072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   87.146049][ T1072] RBP: 0000000080000000 R08: ffff888032f18000 R09: 0000000000000003
[   87.150082][ T1072] R10: 0000000000000005 R11: 0000000000000000 R12: dffffc0000000000
[   87.155508][ T1072] R13: 0000000000000000 R14: ffff888038517558 R15: 0000000000000000
[   87.160644][ T1072] FS:  0000000000000000(0000) GS:ffff88808ca58000(0000) knlGS:0000000000000000
[   87.165944][ T1072] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.169583][ T1072] CR2: ffffed101194b000 CR3: 0000000041bb2000 CR4: 0000000000352ef0
[   87.175511][ T1072] Kernel panic - not syncing: Fatal exception
[   87.183207][ T1072] Kernel Offset: disabled
[   87.186074][ T1072] Rebooting in 86400 seconds..