program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x2}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xfff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x80)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x2}]}, 0x10)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x240540c7, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
write$binfmt_elf32(r2, &(0x7f00000014c0)=ANY=[], 0x46b)
sendmmsg$inet(r2, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)='m', 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0xfffffdfd}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000480)="319a126c184cd9f7a85c00000000000000deb18d7bccde7cdc10617b6ef9bc125283d7e13aa0aafd3ff258e3dfe6199e782a5e2f9425f4b1b14aaf55a2ed18c2652d406b42d6a5d447bcefe220fa8f8c05000000278df3dd127d2fca32eba1b3bce63cbee0db177c15e20000", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}, {&(0x7f00000005c0)="8c31281d21c70e3ea68787003162e3010da2e993907c7300a3c054b17a14c58eb4fa2bedf612aa721d48a486044f0796c006c84af01529c68a42a742f23c381c22b255936c01586e86b6174b564a9459"}], 0x3}}], 0x4, 0x4048841)
sendto$inet6(r1, &(0x7f00000003c0)='\x00', 0x1, 0x20040005, 0x0, 0x0)
poll(&(0x7f0000000000)=[{r1}], 0x1, 0xef)
close(r1)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, 0x2, 0x6, 0x401, 0x6c, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x80}]}]}, 0x5c}}, 0x0)
[ 87.254660][ T43] cfg80211: failed to load regulatory.db
[ 87.268080][ T4673] Bluetooth: hci0: command tx timeout
[ 87.644539][ T5327] TCP: out of memory -- consider tuning tcp_mem
[ 87.649552][ T5327] ------------[ cut here ]------------
[ 87.652265][ T5327] WARNING: CPU: 0 PID: 5327 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730
[ 87.657342][ T5327] Modules linked in:
[ 87.659539][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00045-g4663747812d1 #0 PREEMPT(full)
[ 87.665056][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.670270][ T5327] RIP: 0010:inet_sock_destruct+0x623/0x730
[ 87.673224][ T5327] Code: 0f 0b 90 e9 62 fe ff ff e8 7a a8 d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c a8 d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e a8 d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[ 87.682946][ T5327] RSP: 0018:ffffc9000d567c58 EFLAGS: 00010293
[ 87.685822][ T5327] RAX: ffffffff89eeb3e2 RBX: dffffc0000000000 RCX: ffff888000f94880
[ 87.689822][ T5327] RDX: 0000000000000000 RSI: 0000000080004000 RDI: 0000000000000000
[ 87.693947][ T5327] RBP: 0000000080004000 R08: ffff888037114f1f R09: 1ffff11006e229e3
[ 87.697324][ T5327] R10: dffffc0000000000 R11: ffffed1006e229e4 R12: ffff888037114c80
[ 87.701533][ T5327] R13: dffffc0000000000 R14: ffff888037114f04 R15: 1ffff11006e22992
[ 87.705962][ T5327] FS: 000055558cf5c500(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000
[ 87.710493][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.713966][ T5327] CR2: 00007f253d785538 CR3: 000000003ef72000 CR4: 0000000000352ef0
[ 87.717567][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 87.721900][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 87.726156][ T5327] Call Trace:
[ 87.727718][ T5327]
[ 87.729295][ T5327] ? netlink_has_listeners+0x339/0x3f0
[ 87.732145][ T5327] ? __pfx_inet_sock_destruct+0x10/0x10
[ 87.735157][ T5327] __sk_destruct+0x86/0x660
[ 87.737356][ T5327] inet_release+0x184/0x210
[ 87.739540][ T5327] sock_close+0xc3/0x240
[ 87.741661][ T5327] ? __pfx_sock_close+0x10/0x10
[ 87.744144][ T5327] __fput+0x44c/0xa70
[ 87.746544][ T5327] task_work_run+0x1d1/0x260
[ 87.748948][ T5327] ? __pfx_task_work_run+0x10/0x10
[ 87.751449][ T5327] ? exit_to_user_mode_loop+0x40/0x110
[ 87.754316][ T5327] exit_to_user_mode_loop+0xec/0x110
[ 87.756841][ T5327] do_syscall_64+0x2bd/0x3b0
[ 87.759540][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.762270][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.765213][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 87.767294][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.770301][ T5327] RIP: 0033:0x7f253d58e929
[ 87.772945][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.782364][ T5327] RSP: 002b:00007ffe718d6e58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 87.786585][ T5327] RAX: 0000000000000000 RBX: 00007f253d7b7ba0 RCX: 00007f253d58e929
[ 87.790379][ T5327] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 87.794351][ T5327] RBP: 00007f253d7b7ba0 R08: 000000000000e504 R09: 00000011718d714f
[ 87.798348][ T5327] R10: 0000000000df18c8 R11: 0000000000000246 R12: 00000000000157ca
[ 87.802006][ T5327] R13: 00007f253d7b6080 R14: ffffffffffffffff R15: 00007ffe718d6f70
[ 87.806198][ T5327]
[ 87.807897][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 87.811583][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00045-g4663747812d1 #0 PREEMPT(full)
[ 87.816949][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.822211][ T5327] Call Trace:
[ 87.823717][ T5327]
[ 87.825110][ T5327] dump_stack_lvl+0x99/0x250
[ 87.827346][ T5327] ? __asan_memcpy+0x40/0x70
[ 87.829875][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.832419][ T5327] ? __pfx__printk+0x10/0x10
[ 87.834546][ T5327] panic+0x2db/0x790
[ 87.836397][ T5327] ? __pfx_panic+0x10/0x10
[ 87.838729][ T5327] __warn+0x31b/0x4b0
[ 87.840823][ T5327] ? inet_sock_destruct+0x623/0x730
[ 87.843338][ T5327] ? inet_sock_destruct+0x623/0x730
[ 87.846627][ T5327] report_bug+0x2be/0x4f0
[ 87.848865][ T5327] ? inet_sock_destruct+0x623/0x730
[ 87.851796][ T5327] ? inet_sock_destruct+0x623/0x730
[ 87.854352][ T5327] ? inet_sock_destruct+0x625/0x730
[ 87.856571][ T5327] handle_bug+0x84/0x160
[ 87.858406][ T5327] exc_invalid_op+0x1a/0x50
[ 87.860676][ T5327] asm_exc_invalid_op+0x1a/0x20
[ 87.863291][ T5327] RIP: 0010:inet_sock_destruct+0x623/0x730
[ 87.866137][ T5327] Code: 0f 0b 90 e9 62 fe ff ff e8 7a a8 d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c a8 d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e a8 d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[ 87.875164][ T5327] RSP: 0018:ffffc9000d567c58 EFLAGS: 00010293
[ 87.878448][ T5327] RAX: ffffffff89eeb3e2 RBX: dffffc0000000000 RCX: ffff888000f94880
[ 87.883070][ T5327] RDX: 0000000000000000 RSI: 0000000080004000 RDI: 0000000000000000
[ 87.887491][ T5327] RBP: 0000000080004000 R08: ffff888037114f1f R09: 1ffff11006e229e3
[ 87.891178][ T5327] R10: dffffc0000000000 R11: ffffed1006e229e4 R12: ffff888037114c80
[ 87.895377][ T5327] R13: dffffc0000000000 R14: ffff888037114f04 R15: 1ffff11006e22992
[ 87.898952][ T5327] ? inet_sock_destruct+0x622/0x730
[ 87.901304][ T5327] ? inet_sock_destruct+0x622/0x730
[ 87.903747][ T5327] ? netlink_has_listeners+0x339/0x3f0
[ 87.906533][ T5327] ? __pfx_inet_sock_destruct+0x10/0x10
[ 87.909006][ T5327] __sk_destruct+0x86/0x660
[ 87.911154][ T5327] inet_release+0x184/0x210
[ 87.913812][ T5327] sock_close+0xc3/0x240
[ 87.916199][ T5327] ? __pfx_sock_close+0x10/0x10
[ 87.918592][ T5327] __fput+0x44c/0xa70
[ 87.920449][ T5327] task_work_run+0x1d1/0x260
[ 87.922758][ T5327] ? __pfx_task_work_run+0x10/0x10
[ 87.925429][ T5327] ? exit_to_user_mode_loop+0x40/0x110
[ 87.928346][ T5327] exit_to_user_mode_loop+0xec/0x110
[ 87.930934][ T5327] do_syscall_64+0x2bd/0x3b0
[ 87.932957][ T5327] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.935395][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.938671][ T5327] ? clear_bhb_loop+0x60/0xb0
[ 87.941088][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.943803][ T5327] RIP: 0033:0x7f253d58e929
[ 87.945884][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.955115][ T5327] RSP: 002b:00007ffe718d6e58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 87.959375][ T5327] RAX: 0000000000000000 RBX: 00007f253d7b7ba0 RCX: 00007f253d58e929
[ 87.963371][ T5327] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 87.967128][ T5327] RBP: 00007f253d7b7ba0 R08: 000000000000e504 R09: 00000011718d714f
[ 87.971009][ T5327] R10: 0000000000df18c8 R11: 0000000000000246 R12: 00000000000157ca
[ 87.974995][ T5327] R13: 00007f253d7b6080 R14: ffffffffffffffff R15: 00007ffe718d6f70
[ 87.978963][ T5327]
[ 87.981002][ T5327] Kernel Offset: disabled
[ 87.983197][ T5327] Rebooting in 86400 seconds..