program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000001600)=[@request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0}) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000240)={'team0\x00', <r6=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32=r6, @ANYBLOB="400002803c000100240001006d6f64650000000000008000000000000000000000000000000000000000000005000300050000000b0004006a68ca72616e646f6d0000"], 0x5c}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000000)={'team0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x3c}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0) (async)
r10 = socket$inet_udp(0x2, 0x2, 0x0) (async)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r11, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB="508f3ac9226279cca10ee4c162d07550957e62f86752a59d3188afafe0312370bcc944bd5508594afc4fa8a1db66f695e03ff7c80ea70960d434cff03c60b00548ee139c2481f2798f8ea9d3a639447ffb3fd10339917c2207c84bf8469fd8a421236308cd897213bc1b458e028d1d0002d5fb90aad83715410ccc75cbb5172671fe6e8937f6b6bb58584858b4aedac070cec45c", @ANYRES16=0x0, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r12, @ANYBLOB="0a000600080211000001000028005080110001004abee33908f8eef16f162471f400000005000200000000000800030005ac0f00"], 0xa2}}, 0x2) (async)
r13 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x11, 0xc0, 0x8, 0x5, 0x4, 0xffffffffffffffff, 0x101, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x2}, 0x50) (async)
ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r15=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r13, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002840)={0x4c, r14, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_FRAME={0x1c, 0x33, @data_frame={@msdu=@type10={{}, {}, @from_mac, @device_b, @broadcast}}}]}, 0x4c}}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'lo\x00', <r16=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x0, 0x3, {0x2, 0x8, 0x0, 0xfd, r16}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
r17 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r17, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r18=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r18}]}}}]}, 0x38}}, 0x0)

[   86.586080][   T10] cfg80211: failed to load regulatory.db
[   86.626091][ T4670] Bluetooth: hci0: command tx timeout
[   86.662054][ T5332] bridge_slave_0: left allmulticast mode
[   86.664308][ T5332] bridge_slave_0: left promiscuous mode
[   86.668088][ T5332] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.677369][ T5332] bridge_slave_1: left allmulticast mode
[   86.679884][ T5332] bridge_slave_1: left promiscuous mode
[   86.682454][ T5332] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.695718][ T5332] bond0: (slave bond_slave_0): Releasing backup interface
[   86.703033][ T5332] bond0: (slave bond_slave_1): Releasing backup interface
[   86.718369][ T5332] team0: Port device team_slave_0 removed
[   86.725911][ T5332] team0: Port device team_slave_1 removed
[   86.729153][ T5332] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   86.732693][ T5332] batman_adv: batadv0: Removing interface: batadv_slave_0
[   86.738409][ T5332] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   86.741568][ T5332] batman_adv: batadv0: Removing interface: batadv_slave_1
[   86.747048][ T5332] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   86.770421][ T5334] gre0: entered promiscuous mode
[   86.824793][ T5330] skbuff: skb_under_panic: text:ffffffff89dad5a7 len:1050168980 put:1050168884 head:ffff888035d48000 data:ffff887ff73c328c tail:0x120 end:0x6c0 dev:team0
[   86.831830][ T5330] ------------[ cut here ]------------
[   86.834253][ T5330] kernel BUG at net/core/skbuff.c:212!
[   86.874681][ T5330] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   86.877435][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT(full) 
[   86.881278][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.885711][ T5330] Workqueue: mld mld_ifc_work
[   86.887825][ T5330] RIP: 0010:skb_panic+0x157/0x160
[   86.889861][ T5330] Code: c7 e0 cb 6c 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 fe 97 f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90
[   86.897423][ T5330] RSP: 0018:ffffc9000f447398 EFLAGS: 00010282
[   86.899833][ T5330] RAX: 0000000000000097 RBX: dffffc0000000000 RCX: 7641ccc60479eb00
[   86.903172][ T5330] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   86.906511][ T5330] RBP: 00000000000006c0 R08: ffffc9000f4470a7 R09: 1ffff92001e88e14
[   86.910080][ T5330] R10: dffffc0000000000 R11: fffff52001e88e15 R12: ffff888041fe3010
[   86.913594][ T5330] R13: ffff888035d48000 R14: ffff887ff73c328c R15: 0000000000000120
[   86.917003][ T5330] FS:  0000000000000000(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[   86.920661][ T5330] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.923345][ T5330] CR2: 00007fd8e24063a0 CR3: 000000001f3bf000 CR4: 0000000000352ef0
[   86.926672][ T5330] Call Trace:
[   86.928120][ T5330]  <TASK>
[   86.929437][ T5330]  ? ipgre_header+0x67/0x290
[   86.931401][ T5330]  ? ipgre_header+0x67/0x290
[   86.933404][ T5330]  skb_push+0xc3/0xe0
[   86.935105][ T5330]  ipgre_header+0x67/0x290
[   86.937000][ T5330]  ? __pfx_ipgre_header+0x10/0x10
[   86.939109][ T5330]  neigh_connected_output+0x286/0x460
[   86.941320][ T5330]  ip6_finish_output2+0xfb3/0x1480
[   86.943450][ T5330]  ? __pfx_ip6_finish_output2+0x10/0x10
[   86.945943][ T5330]  ? ip6_mtu+0x7d/0x490
[   86.947791][ T5330]  ? ip6_mtu+0x7d/0x490
[   86.949745][ T5330]  ip6_finish_output+0x234/0x7d0
[   86.951951][ T5330]  ? ip6_output+0x126/0x550
[   86.953980][ T5330]  ip6_output+0x340/0x550
[   86.955869][ T5330]  NF_HOOK+0x9e/0x380
[   86.957551][ T5330]  ? NF_HOOK+0x101/0x380
[   86.959348][ T5330]  ? __pfx_NF_HOOK+0x10/0x10
[   86.961313][ T5330]  ? __pfx_dst_output+0x10/0x10
[   86.963366][ T5330]  ? icmp6_dst_alloc+0x3a5/0x420
[   86.965472][ T5330]  ? icmp6_dst_alloc+0x3a5/0x420
[   86.967535][ T5330]  mld_sendpack+0x8d4/0xe60
[   86.969485][ T5330]  ? mld_sendpack+0x1e7/0xe60
[   86.971502][ T5330]  ? __pfx_mld_sendpack+0x10/0x10
[   86.973837][ T5330]  mld_ifc_work+0x83e/0xd60
[   86.975773][ T5330]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.977919][ T5330]  ? process_scheduled_works+0x9ef/0x17b0
[   86.980144][ T5330]  process_scheduled_works+0xae1/0x17b0
[   86.982399][ T5330]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.984814][ T5330]  worker_thread+0x8a0/0xda0
[   86.986632][ T5330]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.989209][ T5330]  ? __kthread_parkme+0x7b/0x200
[   86.991210][ T5330]  kthread+0x711/0x8a0
[   86.993024][ T5330]  ? __pfx_worker_thread+0x10/0x10
[   86.995228][ T5330]  ? __pfx_kthread+0x10/0x10
[   86.997262][ T5330]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.999488][ T5330]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.001724][ T5330]  ? __pfx_kthread+0x10/0x10
[   87.003779][ T5330]  ret_from_fork+0x4bc/0x870
[   87.005828][ T5330]  ? __pfx_ret_from_fork+0x10/0x10
[   87.008035][ T5330]  ? __pfx_kthread+0x10/0x10
[   87.010101][ T5330]  ret_from_fork_asm+0x1a/0x30
[   87.012253][ T5330]  </TASK>
[   87.013541][ T5330] Modules linked in:
[   87.015515][ T5330] ---[ end trace 0000000000000000 ]---
[   87.040085][ T5334] team0: Port device gre0 added