program:
# syzkaller reproducer (syz program syntax), followed by the guest console log.
# Triage summary, taken from the log below: task T5338 prints
# "TCP: out of memory", then hits a WARNING at net/ipv4/af_inet.c:156 in
# inet_sock_destruct, reached via sock_close -> inet_release -> __sk_destruct.
# The warning therefore fires while an inet socket is being torn down, not
# inside one of the calls listed here; the log does not say which socket.
# The run ends in "Kernel panic ... panic_on_warn set", so the panic comes from
# the fuzzing configuration; what a kernel without panic_on_warn does after this
# WARNING is not shown here.
#
# NOTE(review): r2 and r4 are used below but never assigned in this listing.
# The ifindex field of both SIOCGIFINDEX calls shows a plain 0x0, so the
# output-resource markers were probably lost when the page was extracted;
# confirm against the original report before relying on this text.

# Netlink socket (family 0x10) and packet socket (family 0x11, protocol 0x300).
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
# Look up the interface index of 'batadv0' (ioctl 0x8933).
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0})
# Packet send with protocol 0x8100 in the link-layer address; the payload starts
# with 05 00, which presumably accounts for the "non-existent VLAN 1280"
# (0x500) batman_adv message in the log.
sendto$packet(r1, &(0x7f0000000000)="05000806", 0x5e0, 0x0, &(0x7f0000000080)={0x11, 0x8100, r2}, 0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', 0x0})
# TCP socket: socket-level option 0x3c (SO_ZEROCOPY on Linux) set to 1; the
# option length passed is 0xfff0 rather than the size of an int.
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
# TCP_REPAIR switched on, connect to loopback port 0 while in repair mode, then
# TCP_REPAIR written again with an all-ones value.
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
# Sends on the TCP socket. The first iovec of the sendmmsg declares length
# 0xfffffd49 for a one-byte literal, and the flags word 0x4048841 includes the
# 0x4000000 (MSG_ZEROCOPY) bit.
write$binfmt_elf32(r5, &(0x7f00000014c0)=ANY=[], 0x46b)
sendmmsg$inet(r5, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0xfffffd49}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)="8d0bbb000000000000000000000000000046a8e3b122603406e3448947740f2fad91e39588b93ce2f79f4a8852", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841)
# MPTCP socket (protocol 0x106): bind, connect, one writev whose iovec declares
# length 0x8030000 for a one-byte literal, then shutdown of the write side.
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r6, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r6, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r6, 0x1)
# batadv generic-netlink request (GET_BLA_BACKBONE) carrying the mesh ifindex,
# followed by one more packet-socket send with no destination address.
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r7, 0x303, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendto$packet(r1, &(0x7f0000000100)="8ba901999c155bacf4ce6e1b58f891", 0xf, 0x48040, 0x0, 0x0)
[ 113.787273][ T5319] Bluetooth: hci0: command tx timeout [ 113.821815][ T5339] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 113.927519][ T5338] TCP: out of memory -- consider tuning tcp_mem [ 113.931463][ T5338] ------------[ cut here ]------------ [ 113.934105][ T5338] WARNING: CPU: 0 PID: 5338 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730 [ 113.937946][ T5338] Modules linked in: [ 113.939794][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 113.944832][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 113.949277][ T5338] RIP: 0010:inet_sock_destruct+0x623/0x730 [ 113.952225][ T5338] Code: 0f 0b 90 e9 62 fe ff ff e8 1a 48 d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 0c 48 d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 fe 47 d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc [ 113.960189][ T5338] RSP: 0018:ffffc9000d37fc58 EFLAGS: 00010293 [ 113.962851][ T5338] RAX: ffffffff89ef0522 RBX: dffffc0000000000 RCX: ffff888032d70000 [ 113.966009][ T5338] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 113.969357][ T5338] RBP: 0000000080000000 R08: ffff888035e8dbdf R09: 1ffff11006bd1b7b [ 113.972716][ T5338] R10: dffffc0000000000 R11: ffffed1006bd1b7c R12: ffff888035e8d940 [ 113.976030][ T5338] R13: dffffc0000000000 R14: ffff888035e8dbc4 R15: 1ffff11006bd1b2a [ 113.979231][ T5338] FS: 0000555577a9b500(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 113.982788][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 
113.985355][ T5338] CR2: 00007f70c2985538 CR3: 000000003f40c000 CR4: 0000000000352ef0 [ 113.988759][ T5338] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 113.992151][ T5338] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 113.995648][ T5338] Call Trace: [ 113.997066][ T5338] [ 113.998429][ T5338] ? netlink_has_listeners+0x339/0x3f0 [ 114.000781][ T5338] ? __pfx_inet_sock_destruct+0x10/0x10 [ 114.003415][ T5338] __sk_destruct+0x89/0x660 [ 114.005351][ T5338] inet_release+0x184/0x210 [ 114.007310][ T5338] sock_close+0xc0/0x240 [ 114.009174][ T5338] ? __pfx_sock_close+0x10/0x10 [ 114.011360][ T5338] __fput+0x449/0xa70 [ 114.012987][ T5338] task_work_run+0x1d1/0x260 [ 114.014800][ T5338] ? __pfx_task_work_run+0x10/0x10 [ 114.016904][ T5338] ? exit_to_user_mode_loop+0x40/0x110 [ 114.018823][ T5338] exit_to_user_mode_loop+0xec/0x110 [ 114.020977][ T5338] do_syscall_64+0x2bd/0x3b0 [ 114.023036][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.025158][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.027483][ T5338] ? 
clear_bhb_loop+0x60/0xb0 [ 114.029763][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.032903][ T5338] RIP: 0033:0x7f70c278e929 [ 114.035303][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.045183][ T5338] RSP: 002b:00007ffd1ed0a5b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 114.050042][ T5338] RAX: 0000000000000000 RBX: 000000000001bbfe RCX: 00007f70c278e929 [ 114.053901][ T5338] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 114.058060][ T5338] RBP: 00007f70c29b7ba0 R08: 0000000000000001 R09: 000000161ed0a8af [ 114.061422][ T5338] R10: 00007f70c25ff02c R11: 0000000000000246 R12: 00007f70c29b5fac [ 114.064972][ T5338] R13: 00007f70c29b5fa0 R14: ffffffffffffffff R15: 00007ffd1ed0a6d0 [ 114.068896][ T5338] [ 114.070518][ T5338] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 114.074380][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 114.080155][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.085534][ T5338] Call Trace: [ 114.087223][ T5338] [ 114.088609][ T5338] dump_stack_lvl+0x99/0x250 [ 114.090692][ T5338] ? __asan_memcpy+0x40/0x70 [ 114.092723][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.094956][ T5338] ? __pfx__printk+0x10/0x10 [ 114.096906][ T5338] panic+0x2db/0x790 [ 114.098696][ T5338] ? __pfx_panic+0x10/0x10 [ 114.100747][ T5338] __warn+0x31b/0x4b0 [ 114.102495][ T5338] ? inet_sock_destruct+0x623/0x730 [ 114.104720][ T5338] ? inet_sock_destruct+0x623/0x730 [ 114.106825][ T5338] report_bug+0x2be/0x4f0 [ 114.108702][ T5338] ? inet_sock_destruct+0x623/0x730 [ 114.111315][ T5338] ? inet_sock_destruct+0x623/0x730 [ 114.113702][ T5338] ? 
inet_sock_destruct+0x625/0x730 [ 114.116004][ T5338] handle_bug+0x84/0x160 [ 114.117914][ T5338] exc_invalid_op+0x1a/0x50 [ 114.119824][ T5338] asm_exc_invalid_op+0x1a/0x20 [ 114.121834][ T5338] RIP: 0010:inet_sock_destruct+0x623/0x730 [ 114.124249][ T5338] Code: 0f 0b 90 e9 62 fe ff ff e8 1a 48 d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 0c 48 d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 fe 47 d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc [ 114.132561][ T5338] RSP: 0018:ffffc9000d37fc58 EFLAGS: 00010293 [ 114.135306][ T5338] RAX: ffffffff89ef0522 RBX: dffffc0000000000 RCX: ffff888032d70000 [ 114.138439][ T5338] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 114.141813][ T5338] RBP: 0000000080000000 R08: ffff888035e8dbdf R09: 1ffff11006bd1b7b [ 114.144838][ T5338] R10: dffffc0000000000 R11: ffffed1006bd1b7c R12: ffff888035e8d940 [ 114.148033][ T5338] R13: dffffc0000000000 R14: ffff888035e8dbc4 R15: 1ffff11006bd1b2a [ 114.151545][ T5338] ? inet_sock_destruct+0x622/0x730 [ 114.153511][ T5338] ? inet_sock_destruct+0x622/0x730 [ 114.155787][ T5338] ? netlink_has_listeners+0x339/0x3f0 [ 114.158208][ T5338] ? __pfx_inet_sock_destruct+0x10/0x10 [ 114.160552][ T5338] __sk_destruct+0x89/0x660 [ 114.162194][ T5338] inet_release+0x184/0x210 [ 114.163926][ T5338] sock_close+0xc0/0x240 [ 114.165642][ T5338] ? __pfx_sock_close+0x10/0x10 [ 114.167821][ T5338] __fput+0x449/0xa70 [ 114.169621][ T5338] task_work_run+0x1d1/0x260 [ 114.171678][ T5338] ? __pfx_task_work_run+0x10/0x10 [ 114.173838][ T5338] ? exit_to_user_mode_loop+0x40/0x110 [ 114.176247][ T5338] exit_to_user_mode_loop+0xec/0x110 [ 114.178449][ T5338] do_syscall_64+0x2bd/0x3b0 [ 114.180198][ T5338] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.182490][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.185087][ T5338] ? 
clear_bhb_loop+0x60/0xb0 [ 114.186950][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.189216][ T5338] RIP: 0033:0x7f70c278e929 [ 114.191042][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.199036][ T5338] RSP: 002b:00007ffd1ed0a5b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 114.202405][ T5338] RAX: 0000000000000000 RBX: 000000000001bbfe RCX: 00007f70c278e929 [ 114.206013][ T5338] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 114.209477][ T5338] RBP: 00007f70c29b7ba0 R08: 0000000000000001 R09: 000000161ed0a8af [ 114.213125][ T5338] R10: 00007f70c25ff02c R11: 0000000000000246 R12: 00007f70c29b5fac [ 114.216718][ T5338] R13: 00007f70c29b5fa0 R14: ffffffffffffffff R15: 00007ffd1ed0a6d0 [ 114.219908][ T5338] [ 114.221590][ T5338] Kernel Offset: disabled [ 114.223423][ T5338] Rebooting in 86400 seconds..