program: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x6, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000003c0)=0xffffffffffffffff, 0x4) write$binfmt_elf32(r2, &(0x7f00000014c0)=ANY=[], 0x46b) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000180)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x743cc6657251efbe, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) sendmmsg$inet(r2, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0xfffffef0}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000000)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000100)={0x4004, r5, 0x2}) mmap$dsp(&(0x7f0000fff000/0x1000)=nil, 0x1002, 0x2, 0x11, r7, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x3}}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r0, &(0x7f0000000140)="7669b66f89b40e3ab8abfdcbacc3d3716b", 0x11, 0x0, 0x0, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r8, 0x5421, &(0x7f0000000100)=0x100000001) setsockopt$inet_tcp_int(r8, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4620, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) close(r8) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000a00)={{{@in, @in=@local}}, {{@in6=@ipv4={""/10, ""/2, @dev}}, 0x0, @in=@initdev}}, &(0x7f0000000240)=0x142) [ 69.392792][ T4663] Bluetooth: hci0: command tx timeout [ 69.464134][ T5314] TCP: out of memory -- consider tuning tcp_mem [ 69.469306][ T5314] ------------[ cut here ]------------ [ 69.471399][ T5314] WARNING: CPU: 0 PID: 5314 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x6fc/0x810 [ 69.474450][ T5314] Modules linked in: [ 69.475723][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0 [ 69.479682][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.483551][ T5314] RIP: 0010:inet_sock_destruct+0x6fc/0x810 [ 69.485551][ T5314] Code: 5a f7 90 0f 0b 90 e9 17 fe ff ff e8 8e cd 5a f7 90 0f 0b 90 41 80 3c 2c 00 0f 85 40 fe ff ff e9 43 fe ff ff e8 75 cd 5a f7 90 <0f> 0b 90 e9 b3 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 00 fc [ 69.492323][ T5314] RSP: 0018:ffffc9000d25fc58 EFLAGS: 00010287 [ 69.494594][ T5314] RAX: ffffffff8a44a4ab RBX: 0000000080000000 RCX: 0000000000100000 [ 69.497810][ T5314] RDX: ffffc9000e4ba000 RSI: 0000000000001180 RDI: 0000000000001181 [ 69.500662][ T5314] RBP: ffff88804319d940 R08: ffffffff8a44a35a R09: 1ffff11008633b7b [ 69.503663][ T5314] R10: dffffc0000000000 R11: ffffed1008633b7c R12: 1ffff11008633b2d [ 69.506866][ T5314] R13: ffff88804319de28 R14: ffff88804319d968 R15: ffff88804319d952 [ 69.509377][ T5314] FS: 00007fdb0a70e6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.512622][ T5314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.515032][ T5314] CR2: 0000000020b63fe4 CR3: 0000000040a54000 CR4: 0000000000352ef0 [ 69.518092][ T5314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.521089][ T5314] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.524017][ T5314] Call Trace: [ 69.525334][ T5314] [ 69.526526][ T5314] ? __warn+0x165/0x4d0 [ 69.528055][ T5314] ? inet_sock_destruct+0x6fc/0x810 [ 69.529952][ T5314] ? report_bug+0x2b3/0x500 [ 69.531523][ T5314] ? inet_sock_destruct+0x6fc/0x810 [ 69.533515][ T5314] ? handle_bug+0x60/0x90 [ 69.535101][ T5314] ? exc_invalid_op+0x1a/0x50 [ 69.537010][ T5314] ? asm_exc_invalid_op+0x1a/0x20 [ 69.538828][ T5314] ? inet_sock_destruct+0x5aa/0x810 [ 69.540667][ T5314] ? inet_sock_destruct+0x6fb/0x810 [ 69.542633][ T5314] ? inet_sock_destruct+0x6fc/0x810 [ 69.544311][ T5314] ? inet_sock_destruct+0x6fb/0x810 [ 69.546351][ T5314] ? __pfx_inet_sock_destruct+0x10/0x10 [ 69.548440][ T5314] __sk_destruct+0x58/0x5f0 [ 69.550044][ T5314] ? __sk_free+0x333/0x460 [ 69.551733][ T5314] inet_release+0x17d/0x200 [ 69.553338][ T5314] sock_close+0xbc/0x240 [ 69.554883][ T5314] ? __pfx_sock_close+0x10/0x10 [ 69.556777][ T5314] __fput+0x23c/0xa50 [ 69.558233][ T5314] task_work_run+0x24f/0x310 [ 69.559955][ T5314] ? _raw_spin_unlock+0x28/0x50 [ 69.561732][ T5314] ? __pfx_task_work_run+0x10/0x10 [ 69.563748][ T5314] ? syscall_exit_to_user_mode+0xa3/0x340 [ 69.565776][ T5314] syscall_exit_to_user_mode+0x13f/0x340 [ 69.567670][ T5314] do_syscall_64+0x100/0x230 [ 69.569241][ T5314] ? clear_bhb_loop+0x35/0x90 [ 69.571054][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.573518][ T5314] RIP: 0033:0x7fdb0997ff19 [ 69.575312][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.582544][ T5314] RSP: 002b:00007fdb0a70e058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 69.585755][ T5314] RAX: 0000000000000000 RBX: 00007fdb09b45fa0 RCX: 00007fdb0997ff19 [ 69.588990][ T5314] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 69.592144][ T5314] RBP: 00007fdb099f3986 R08: 0000000000000000 R09: 0000000000000000 [ 69.595224][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.598625][ T5314] R13: 0000000000000000 R14: 00007fdb09b45fa0 R15: 00007ffe079bb718 [ 69.601826][ T5314] [ 69.603091][ T5314] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.605550][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0 [ 69.609466][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.613597][ T5314] Call Trace: [ 69.614967][ T5314] [ 69.616164][ T5314] dump_stack_lvl+0x241/0x360 [ 69.618029][ T5314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.619970][ T5314] ? __pfx__printk+0x10/0x10 [ 69.621806][ T5314] ? vscnprintf+0x5d/0x90 [ 69.623399][ T5314] panic+0x349/0x880 [ 69.624800][ T5314] ? __warn+0x174/0x4d0 [ 69.626381][ T5314] ? __pfx_panic+0x10/0x10 [ 69.628116][ T5314] __warn+0x344/0x4d0 [ 69.629511][ T5314] ? inet_sock_destruct+0x6fc/0x810 [ 69.631475][ T5314] report_bug+0x2b3/0x500 [ 69.633112][ T5314] ? inet_sock_destruct+0x6fc/0x810 [ 69.635138][ T5314] handle_bug+0x60/0x90 [ 69.636698][ T5314] exc_invalid_op+0x1a/0x50 [ 69.638462][ T5314] asm_exc_invalid_op+0x1a/0x20 [ 69.640397][ T5314] RIP: 0010:inet_sock_destruct+0x6fc/0x810 [ 69.642551][ T5314] Code: 5a f7 90 0f 0b 90 e9 17 fe ff ff e8 8e cd 5a f7 90 0f 0b 90 41 80 3c 2c 00 0f 85 40 fe ff ff e9 43 fe ff ff e8 75 cd 5a f7 90 <0f> 0b 90 e9 b3 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 00 fc [ 69.649825][ T5314] RSP: 0018:ffffc9000d25fc58 EFLAGS: 00010287 [ 69.652283][ T5314] RAX: ffffffff8a44a4ab RBX: 0000000080000000 RCX: 0000000000100000 [ 69.655301][ T5314] RDX: ffffc9000e4ba000 RSI: 0000000000001180 RDI: 0000000000001181 [ 69.658222][ T5314] RBP: ffff88804319d940 R08: ffffffff8a44a35a R09: 1ffff11008633b7b [ 69.661257][ T5314] R10: dffffc0000000000 R11: ffffed1008633b7c R12: 1ffff11008633b2d [ 69.664180][ T5314] R13: ffff88804319de28 R14: ffff88804319d968 R15: ffff88804319d952 [ 69.667106][ T5314] ? inet_sock_destruct+0x5aa/0x810 [ 69.669216][ T5314] ? inet_sock_destruct+0x6fb/0x810 [ 69.671389][ T5314] ? inet_sock_destruct+0x6fb/0x810 [ 69.673532][ T5314] ? __pfx_inet_sock_destruct+0x10/0x10 [ 69.675654][ T5314] __sk_destruct+0x58/0x5f0 [ 69.677365][ T5314] ? __sk_free+0x333/0x460 [ 69.679092][ T5314] inet_release+0x17d/0x200 [ 69.680874][ T5314] sock_close+0xbc/0x240 [ 69.682485][ T5314] ? __pfx_sock_close+0x10/0x10 [ 69.684271][ T5314] __fput+0x23c/0xa50 [ 69.685733][ T5314] task_work_run+0x24f/0x310 [ 69.687448][ T5314] ? _raw_spin_unlock+0x28/0x50 [ 69.689150][ T5314] ? __pfx_task_work_run+0x10/0x10 [ 69.691166][ T5314] ? syscall_exit_to_user_mode+0xa3/0x340 [ 69.693344][ T5314] syscall_exit_to_user_mode+0x13f/0x340 [ 69.695532][ T5314] do_syscall_64+0x100/0x230 [ 69.697256][ T5314] ? clear_bhb_loop+0x35/0x90 [ 69.698973][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.701234][ T5314] RIP: 0033:0x7fdb0997ff19 [ 69.702918][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.710076][ T5314] RSP: 002b:00007fdb0a70e058 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 69.712923][ T5314] RAX: 0000000000000000 RBX: 00007fdb09b45fa0 RCX: 00007fdb0997ff19 [ 69.715495][ T5314] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 69.717947][ T5314] RBP: 00007fdb099f3986 R08: 0000000000000000 R09: 0000000000000000 [ 69.720713][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.723518][ T5314] R13: 0000000000000000 R14: 00007fdb09b45fa0 R15: 00007ffe079bb718 [ 69.726180][ T5314] [ 69.727668][ T5314] Kernel Offset: disabled [ 69.729162][ T5314] Rebooting in 86400 seconds..