program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r2, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r3}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x50404, 0x20800}, [@IFLA_IFNAME={0x14, 0x3, 'gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}}, 0x0)
r6 = socket$kcm(0x10, 0x3, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x6c00, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)

[ 91.284634][ T5340] Bluetooth: hci0: command tx timeout
[ 91.421575][ T5361] bridge_slave_0: left allmulticast mode
[ 91.471800][ T5361] bridge_slave_0: left promiscuous mode
[ 91.490848][ T5361] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.503081][ T5361] bridge_slave_1: left allmulticast mode
[ 91.507207][ T5361] bridge_slave_1: left promiscuous mode
[ 91.510003][ T5361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.519501][ T5361] bond0: (slave bond_slave_0): Releasing backup interface
[ 91.527807][ T5361] bond0: (slave bond_slave_1): Releasing backup interface
[ 91.542409][ T5361] team0: Port device team_slave_0 removed
[ 91.552355][ T5361] team0: Port device team_slave_1 removed
[ 91.556818][ T5361] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 91.560088][ T5361] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 91.565467][ T5361] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 91.568630][ T5361] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 91.581517][ T5362] team0: Mode changed to "roundrobin"
[ 91.590889][ T5369] team0: Device gre0 is up. Set it down before adding it as a team port
[ 91.611325][ T5361] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 91.619805][ T5338] skbuff: skb_under_panic: text:ffffffff8a134fe7 len:1140100756 put:1140100660 head:ffff888053004000 data:ffff88800f0bb28c tail:0x120 end:0x6c0 dev:team0
[ 91.640488][ T5338] ------------[ cut here ]------------
[ 91.643285][ T5338] kernel BUG at net/core/skbuff.c:211!
[ 91.646903][ T5338] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[ 91.649734][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full)
[ 91.653627][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 91.657984][ T5338] Workqueue: mld mld_ifc_work
[ 91.660192][ T5338] RIP: 0010:skb_panic+0x157/0x160
[ 91.662383][ T5338] Code: c7 40 02 94 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 3e 0d f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 91.670774][ T5338] RSP: 0018:ffffc9000d2df418 EFLAGS: 00010286
[ 91.673300][ T5338] RAX: 0000000000000097 RBX: dffffc0000000000 RCX: 60ce088226ce1900
[ 91.676764][ T5338] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 91.680200][ T5338] RBP: 00000000000006c0 R08: ffffc9000d2df127 R09: 1ffff92001a5be24
[ 91.683836][ T5338] R10: dffffc0000000000 R11: fffff52001a5be25 R12: ffff888043c45010
[ 91.687325][ T5338] R13: ffff888053004000 R14: ffff88800f0bb28c R15: 0000000000000120
[ 91.690553][ T5338] FS: 0000000000000000(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[ 91.694181][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 91.696904][ T5338] CR2: 00007fce541d3fc8 CR3: 00000000434de000 CR4: 0000000000352ef0
[ 91.700193][ T5338] Call Trace:
[ 91.701690][ T5338]
[ 91.703110][ T5338] ? ipgre_header+0x67/0x290
[ 91.705207][ T5338] ? ipgre_header+0x67/0x290
[ 91.707185][ T5338] skb_push+0xc3/0xe0
[ 91.708882][ T5338] ipgre_header+0x67/0x290
[ 91.710840][ T5338] ? __pfx_ipgre_header+0x10/0x10
[ 91.712993][ T5338] neigh_connected_output+0x283/0x460
[ 91.715260][ T5338] ip6_finish_output2+0x11fb/0x16a0
[ 91.717500][ T5338] ? ip6_finish_output2+0x701/0x16a0
[ 91.719938][ T5338] ? __pfx_ip6_finish_output2+0x10/0x10
[ 91.722591][ T5338] ? ip6_mtu+0x7d/0x3f0
[ 91.724519][ T5338] ? ip6_mtu+0x7d/0x3f0
[ 91.726186][ T5338] ip6_finish_output+0x234/0x7d0
[ 91.728617][ T5338] NF_HOOK+0x9e/0x380
[ 91.730418][ T5338] ? __pfx_NF_HOOK+0x10/0x10
[ 91.732272][ T5338] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 91.734732][ T5338] ? do_raw_spin_unlock+0x4d/0x240
[ 91.737277][ T5338] ? icmp6_dst_alloc+0x3a5/0x420
[ 91.739641][ T5338] ? icmp6_dst_alloc+0x3a5/0x420
[ 91.742092][ T5338] mld_sendpack+0x800/0xd80
[ 91.744062][ T5338] ? mld_sendpack+0x1de/0xd80
[ 91.746041][ T5338] ? __pfx_mld_sendpack+0x10/0x10
[ 91.748237][ T5338] mld_ifc_work+0x83e/0xd60
[ 91.750292][ T5338] ? _raw_spin_unlock_irq+0x23/0x50
[ 91.752603][ T5338] ? process_scheduled_works+0x9ef/0x17b0
[ 91.755242][ T5338] process_scheduled_works+0xae1/0x17b0
[ 91.757834][ T5338] ? __pfx_process_scheduled_works+0x10/0x10
[ 91.760339][ T5338] worker_thread+0x8a0/0xda0
[ 91.762417][ T5338] kthread+0x70e/0x8a0
[ 91.764218][ T5338] ? __pfx_worker_thread+0x10/0x10
[ 91.766190][ T5338] ? __pfx_kthread+0x10/0x10
[ 91.768257][ T5338] ? _raw_spin_unlock_irq+0x23/0x50
[ 91.770466][ T5338] ? lockdep_hardirqs_on+0x9c/0x150
[ 91.773032][ T5338] ? __pfx_kthread+0x10/0x10
[ 91.775296][ T5338] ret_from_fork+0x3f9/0x770
[ 91.777454][ T5338] ? __pfx_ret_from_fork+0x10/0x10
[ 91.779659][ T5338] ? __pfx_kthread+0x10/0x10
[ 91.781592][ T5338] ret_from_fork_asm+0x1a/0x30
[ 91.783744][ T5338]
[ 91.785141][ T5338] Modules linked in:
[ 91.787355][ T5338] ---[ end trace 0000000000000000 ]---
[ 91.792895][ T5338] RIP: 0010:skb_panic+0x157/0x160
[ 91.797183][ T5338] Code: c7 40 02 94 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 3e 0d f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 91.806197][ T5338] RSP: 0018:ffffc9000d2df418 EFLAGS: 00010286
[ 91.809024][ T5338] RAX: 0000000000000097 RBX: dffffc0000000000 RCX: 60ce088226ce1900
[ 91.812566][ T5338] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 91.816884][ T5338] RBP: 00000000000006c0 R08: ffffc9000d2df127 R09: 1ffff92001a5be24
[ 91.820546][ T5338] R10: dffffc0000000000 R11: fffff52001a5be25 R12: ffff888043c45010
[ 91.824422][ T5338] R13: ffff888053004000 R14: ffff88800f0bb28c R15: 0000000000000120
[ 91.827696][ T5338] FS: 0000000000000000(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[ 91.831830][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 91.835037][ T5338] CR2: 00007fce541d3fc8 CR3: 00000000434de000 CR4: 0000000000352ef0
[ 91.839101][ T5338] Kernel panic - not syncing: Fatal exception
[ 91.842081][ T5338] Kernel Offset: disabled
[ 91.843888][ T5338] Rebooting in 86400 seconds..