program:
# Syzkaller program that was executing when the kernel oops below was logged,
# followed by the console output of the crash. One call per line here; the
# listing is not shown to be minimized, so several calls (xfrm, usbip, ethtool,
# KVM, nftables/OSF) may be unrelated to the fault — TODO confirm with a
# minimized reproducer before attributing the bug to any of them.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x30, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x200}, {}, 0x4}}, 0xb8}}, 0x0)
# The vhci_hcd lines in the console output (sockfd, speed(2)) follow this call.
syz_usbip_server_init(0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
# Raw rtnetlink message; the blob's nlmsg_type bytes are 0x68 and the family
# byte is 0x0a — presumably a nexthop-creation request; verify by decoding.
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00000000000000040004"], 0x1c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
# NOTE(review): r5 is consumed by the next sendmsg but never assigned in this
# listing; presumably the result marker on the ifindex field of this ioctl was
# lost when the page was extracted — confirm against the original report.
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0})
# Second raw rtnetlink message with nlmsg_type bytes 0x68; its payload ends
# with the interface index taken from r5.
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000006800010000000000000000000a00000000000000060007000200000018000880140001000000000000000000000004000000000008000500", @ANYRES32=r5], 0x40}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
# IPv4 route request (family 0x2) that refers to nexthop id 0x2 via RTA_NH_ID.
sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r7)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
# NOTE(review): r10 (used in the ethtool header below) is likewise never
# assigned in this listing; same presumed extraction loss as r5 — confirm.
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', 0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r7, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)={0x38, r8, 0x1, 0x4070bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1f}, @ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4807}, 0x8080)
r11 = socket$nl_route(0x10, 0x3, 0x0)
# Same IPv4 route request as above (nexthop id 0x2) with a different last
# header field (0x20003300 instead of 0x20000000).
sendmsg$nl_route(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20003300}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
r12 = openat$kvm(0x0, &(0x7f00000000c0), 0x2000, 0x0)
dup2(r12, 0xffffffffffffffff)
# Raw nftables batch; the blob carries the names "syz0" and "syz2"
# (73797a30 / 73797a32). Not decoded further here.
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$OSF_MSG_ADD(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000005c0)={0x268, 0x0, 0x5, 0xf01, 0x0, 0x0, {0x2, 0x0, 0x5}, [{{0x254, 0x1, {{0x2, 0x4553}, 0x0, 0x1a, 0xff, 0x401, 0x1c, 'syz0\x00', "41e5b21a6b8c7ad84025000930f86cbd847ef18b281005ba5d5f2cbeda8991d1", "77bfc0fd8e03ee2dbdaab4546897f44160216ef403f90b0270f87f86235ef683", [{0x7, 0xffff, {0x2, 0x2}}, {0x5, 0x789, {0x2, 0x5}}, {0x8, 0x1, {0x0, 0x1000}}, {0x3, 0x2, {0x3, 0x1}}, {0x5, 0x2d3a, {0x0, 0x2}}, {0x7, 0x4, {0x1, 0x2}}, {0x7, 0x7, {0x1, 0x3}}, {0x787, 0x6f4, {0x2, 0x9}}, {0xc7, 0xfff, {0x3, 0x10001}}, {0x2, 0x3, {0x2, 0x8}}, {0x3, 0x8, {0x0, 0x9}}, {0x4, 0x772, {0x2, 0x7fff}}, {0x6, 0x100, {0x0, 0x8}}, {0x4, 0x1, {0x3, 0x5a}}, {0x6, 0x400, {0x3, 0x80000000}}, {0x0, 0x3, {0x0, 0x6046}}, {0x3, 0x400, {0x0, 0x3}}, {0xc6a8, 0x1, {0x3, 0xd30c}}, {0xd, 0x5, {0x3, 0xfffffffd}}, {0x83, 0x4, {0x1}}, {0xd, 0x9, {0x3, 0x71}}, {0x6, 0x9, {0x1, 0xfffffff9}}, {0x3, 0xd, {0x1, 0x2de}}, {0x7c9, 0x4, {0x1, 0x1ff}}, {0x8, 0x5, {0x1, 0x6}}, {0x2, 0x4, {0x1, 0x10}}, {0x7, 0x6, {0x0, 0x7}}, {0x8, 0xfff, {0x3, 0x5}}, {0x3, 0x7, {0x0, 0xfff}}, {0xffff, 0x0, {0x2, 0x4135}}, {0x40, 0xf, {0x0, 0x8}}, {0x7, 0x7, {0x1, 0x7}}, {0x5094, 0x401, {0x1, 0x5}}, {0x400, 0x7, {0x1, 0xfffeffff}}, {0x3, 0x101, {0x2, 0x1}}, {0x5, 0x101, {0x1, 0x8001}}, {0xb5, 0x1, {0x2, 0x22}}, {0x2e56, 0x2, {0x0, 0x1}}, {0x6, 0xfe01, {0x0, 0x120}}, {0x1ff, 0x3, {0x1, 0x5}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x800}, 0x20000014)
# KVM_CREATE_VM is issued on fd 0xffffffffffffffff, not on r12, so r13 is
# presumably not a usable VM fd — confirm; these KVM calls look incidental.
r13 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xb)
ioctl$KVM_SET_BOOT_CPU_ID(r13, 0xae78, &(0x7f0000000280)=0x1)
# Second raw nftables batch; the blob again names "syz0" and "syz2".
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000000f08000140000000020900010073797a30000000000900020073797a320000000014000000110001"], 0x78}}, 0x0)
# Injects a 0x36-byte Ethernet frame (ethertype 0x800, IP protocol 0x6). The
# length matches RDX=0x36 in the user-mode register dump of the faulting
# write(2) (ORIG_RAX=1), so this is the call in flight when the oops fired.
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
# ---------------------------------------------------------------------------
# Console output. Triage notes, all read off the lines below:
#  * Fault: supervisor read of a not-present page at CR2=ffffed101194b600 in
#    ip_route_output_key_hash_rcu+0x1264, on a KASAN-enabled kernel, task
#    syz.0.0 (PID 5320, UID 0).
#  * RAX (1ffff1101194b600) is RBX (ffff88808ca5b000) shifted right by 3, and
#    RAX + R12 (dffffc0000000000) equals CR2, which matches the shape of a
#    KASAN shadow lookup for the address in RBX: the pointer about to be
#    dereferenced was already bad before the access itself.
#  * RBX equals the GS base printed in the FS/GS line. That would be consistent
#    with a per-CPU offset having been added to a zero pointer — inferred from
#    the register dump only; confirm against the source at the faulting offset.
#  * Path into the fault (reliable frames): write on a tun fd -> tun_get_user
#    -> netif_receive_skb -> tcp_v4_rcv -> tcp_v4_send_reset ->
#    ip_send_unicast_reply -> ip_route_output_flow -> ip_route_output_key_hash.
#    Frames prefixed with "?" are stack leftovers the unwinder could not verify.
#  * The two log lines with empty text (85.883249 and 86.094992) sit where the
#    call-trace delimiters normally appear; presumably stripped in extraction.
#  * "Kernel Offset: disabled" means the kernel addresses in this dump carry no
#    KASLR slide.
# ---------------------------------------------------------------------------
[ 85.592673][ T5296] Bluetooth: hci0: command tx timeout
[ 85.719832][ T5319] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 85.725561][ T5319] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 85.797876][ T5320] BUG: unable to handle page fault for address: ffffed101194b600
[ 85.801935][ T5320] #PF: supervisor read access in kernel mode
[ 85.805181][ T5320] #PF: error_code(0x0000) - not-present page
[ 85.809117][ T5320] PGD 5ffd5067 P4D 5ffd5067 PUD 2fffa067 PMD 0
[ 85.813219][ T5320] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[ 85.817041][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.822467][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 85.828410][ T5320] RIP: 0010:ip_route_output_key_hash_rcu+0x1264/0x25d0
[ 85.831826][ T5320] Code: 61 11 09 49 83 c6 38 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 79 5f 26 f8 49 03 1e 4d 89 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 5d 5f 26 f8 4c 8b 3b e8 d5 38 a4
[ 85.842538][ T5320] RSP: 0018:ffffc9000e25eb60 EFLAGS: 00010a06
[ 85.845371][ T5320] RAX: 1ffff1101194b600 RBX: ffff88808ca5b000 RCX: 0000000000100000
[ 85.848998][ T5320] RDX: ffffc90020001000 RSI: 0000000000000613 RDI: 0000000000000614
[ 85.852673][ T5320] RBP: 0000000080000000 R08: ffff88803614a480 R09: 0000000000000003
[ 85.856905][ T5320] R10: 0000000000000005 R11: 0000000000000002 R12: dffffc0000000000
[ 85.864104][ T5320] R13: 0000000000000000 R14: ffff88803841fe58 R15: 0000000000000000
[ 85.869351][ T5320] FS: 00007f9276c016c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[ 85.873678][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.877477][ T5320] CR2: ffffed101194b600 CR3: 0000000011be3000 CR4: 0000000000352ef0
[ 85.881569][ T5320] Call Trace:
[ 85.883249][ T5320]
[ 85.885100][ T5320] ? ip_route_output_key_hash+0xd8/0x2a0
[ 85.887863][ T5320] ip_route_output_key_hash+0x18d/0x2a0
[ 85.890621][ T5320] ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 85.893451][ T5320] ip_route_output_flow+0x2a/0x150
[ 85.895879][ T5320] ? security_skb_classify_flow+0x74/0x280
[ 85.898765][ T5320] ip_send_unicast_reply+0x721/0x18a0
[ 85.901319][ T5320] ? save_trace+0x240/0x390
[ 85.903516][ T5320] ? __pfx_ip_send_unicast_reply+0x10/0x10
[ 85.906315][ T5320] ? stack_trace_save+0xa9/0x100
[ 85.908701][ T5320] ? check_path+0x21/0x40
[ 85.910847][ T5320] ? check_noncircular+0xda/0x150
[ 85.913004][ T5320] ? lock_acquire+0xf0/0x2e0
[ 85.915458][ T5320] tcp_v4_send_reset+0x15a6/0x26e0
[ 85.917977][ T5320] ? inet_ehashfn+0x8d/0x220
[ 85.920145][ T5320] ? tcp_v4_send_reset+0x638/0x26e0
[ 85.923134][ T5320] ? __pfx_tcp_v4_send_reset+0x10/0x10
[ 85.925994][ T5320] ? __inet_lookup_established+0x7fd/0x850
[ 85.928667][ T5320] ? tcp_v4_fill_cb+0x3d/0x4c0
[ 85.930814][ T5320] ? __asan_memmove+0x40/0x70
[ 85.933069][ T5320] ? tcp_v4_fill_cb+0x25c/0x4c0
[ 85.935543][ T5320] ? tcp_checksum_complete+0x152/0x200
[ 85.938268][ T5320] tcp_v4_rcv+0x21e2/0x31f0
[ 85.940629][ T5320] ? __pfx_tcp_v4_rcv+0x10/0x10
[ 85.943113][ T5320] ? raw_local_deliver+0x30a/0xf40
[ 85.945462][ T5320] ? __pfx_tcp_v4_rcv+0x10/0x10
[ 85.947639][ T5320] ip_protocol_deliver_rcu+0x221/0x440
[ 85.950269][ T5320] ? ip_local_deliver_finish+0x2ae/0x6f0
[ 85.953052][ T5320] ip_local_deliver_finish+0x3bb/0x6f0
[ 85.955541][ T5320] NF_HOOK+0x336/0x3c0
[ 85.957565][ T5320] ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 85.960354][ T5320] ? NF_HOOK+0x9e/0x3c0
[ 85.962235][ T5320] ? __pfx_NF_HOOK+0x10/0x10
[ 85.964332][ T5320] ? ip_rcv_finish_core+0xda3/0x1c00
[ 85.966791][ T5320] ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 85.969694][ T5320] ? skb_dst+0x4f/0xd0
[ 85.971692][ T5320] ? ip_local_deliver+0x12a/0x1b0
[ 85.974144][ T5320] NF_HOOK+0x336/0x3c0
[ 85.976852][ T5320] ? __pfx_ip_rcv_finish+0x10/0x10
[ 85.979035][ T5320] ? NF_HOOK+0x9e/0x3c0
[ 85.980839][ T5320] ? __pfx_NF_HOOK+0x10/0x10
[ 85.983049][ T5320] ? __pfx_ip_rcv_finish+0x10/0x10
[ 85.985737][ T5320] ? netif_receive_skb+0x102/0xc50
[ 85.988191][ T5320] ? __pfx_ip_rcv+0x10/0x10
[ 85.990363][ T5320] netif_receive_skb+0x45b/0xc50
[ 85.992820][ T5320] ? __pfx_netif_receive_skb+0x10/0x10
[ 85.995313][ T5320] ? __lock_acquire+0x6b5/0x2cf0
[ 85.997688][ T5320] ? tun_rx_batched+0x185/0x790
[ 85.999986][ T5320] tun_rx_batched+0x1de/0x790
[ 86.002205][ T5320] ? __build_skb+0x62/0x440
[ 86.004288][ T5320] ? __pfx_tun_rx_batched+0x10/0x10
[ 86.006871][ T5320] ? tun_get_user+0x2354/0x3dd0
[ 86.009051][ T5320] ? __local_bh_enable_ip+0xd0/0x130
[ 86.011304][ T5320] ? tun_get_user+0x2669/0x3dd0
[ 86.013622][ T5320] tun_get_user+0x2a78/0x3dd0
[ 86.015910][ T5320] ? aa_file_perm+0x50e/0x15e0
[ 86.018066][ T5320] ? __pfx_tun_get_user+0x10/0x10
[ 86.020470][ T5320] ? aa_file_perm+0x192/0x15e0
[ 86.022723][ T5320] ? ref_tracker_alloc+0x35c/0x4c0
[ 86.026403][ T5320] ? __pfx_ref_tracker_alloc+0x10/0x10
[ 86.028760][ T5320] ? tun_get+0x1c/0x2f0
[ 86.030540][ T5320] ? tun_get+0x1c/0x2f0
[ 86.032412][ T5320] ? tun_get+0x1c/0x2f0
[ 86.034226][ T5320] tun_chr_write_iter+0x113/0x200
[ 86.036444][ T5320] vfs_write+0x61d/0xb90
[ 86.038406][ T5320] ? __pfx_vfs_write+0x10/0x10
[ 86.040639][ T5320] ? __fget_files+0x2a/0x420
[ 86.042763][ T5320] ksys_write+0x150/0x270
[ 86.044931][ T5320] ? __pfx_ksys_write+0x10/0x10
[ 86.047410][ T5320] do_syscall_64+0x14d/0xf80
[ 86.049393][ T5320] ? trace_irq_disable+0x3b/0x150
[ 86.051716][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.054400][ T5320] ? clear_bhb_loop+0x40/0x90
[ 86.056484][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.059349][ T5320] RIP: 0033:0x7f9275d5cece
[ 86.062481][ T5320] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 86.071338][ T5320] RSP: 002b:00007f9276c00fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.075204][ T5320] RAX: ffffffffffffffda RBX: 00007f9276c016c0 RCX: 00007f9275d5cece
[ 86.078794][ T5320] RDX: 0000000000000036 RSI: 0000200000000140 RDI: 00000000000000c8
[ 86.082633][ T5320] RBP: 00007f9275e32b39 R08: 0000000000000000 R09: 0000000000000000
[ 86.086476][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.090989][ T5320] R13: 00007f9276016128 R14: 00007f9276016090 R15: 00007ffe0c39cdc8
[ 86.094992][ T5320]
[ 86.096504][ T5320] Modules linked in:
[ 86.098476][ T5320] CR2: ffffed101194b600
[ 86.100435][ T5320] ---[ end trace 0000000000000000 ]---
# From here the kernel re-prints the faulting RIP, code bytes and registers
# (same values as above) before panicking.
[ 86.103149][ T5320] RIP: 0010:ip_route_output_key_hash_rcu+0x1264/0x25d0
[ 86.106947][ T5320] Code: 61 11 09 49 83 c6 38 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 79 5f 26 f8 49 03 1e 4d 89 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 5d 5f 26 f8 4c 8b 3b e8 d5 38 a4
[ 86.115254][ T5320] RSP: 0018:ffffc9000e25eb60 EFLAGS: 00010a06
[ 86.117908][ T5320] RAX: 1ffff1101194b600 RBX: ffff88808ca5b000 RCX: 0000000000100000
[ 86.121460][ T5320] RDX: ffffc90020001000 RSI: 0000000000000613 RDI: 0000000000000614
[ 86.124858][ T5320] RBP: 0000000080000000 R08: ffff88803614a480 R09: 0000000000000003
[ 86.128181][ T5320] R10: 0000000000000005 R11: 0000000000000002 R12: dffffc0000000000
[ 86.131636][ T5320] R13: 0000000000000000 R14: ffff88803841fe58 R15: 0000000000000000
[ 86.135297][ T5320] FS: 00007f9276c016c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[ 86.139092][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.141924][ T5320] CR2: ffffed101194b600 CR3: 0000000011be3000 CR4: 0000000000352ef0
[ 86.145202][ T5320] Kernel panic - not syncing: Fatal exception in interrupt
[ 86.147894][ T5320] Kernel Offset: disabled
[ 86.149368][ T5320] Rebooting in 86400 seconds..