# syzkaller reproducer, followed by the console output it produced.
# Per the log below, the run ends in a WARNING at net/ipv4/af_inet.c:156 in
# inet_sock_destruct(), escalated to a panic because panic_on_warn is set.
# The trace shows the warning firing on the socket release path
# (sock_close -> inet_release -> __sk_destruct -> inet_sock_destruct) during
# syscall 0x1b4 (close_range on x86-64, RDI=3 RSI=0x1e), i.e. when descriptors
# are closed, not inside any call listed here. Which check at line 156 tripped
# cannot be read from the log alone; resolve it against the exact tree
# (6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e).
# The listing had every call on one line; calls are split one per line here,
# arguments unchanged.
program:
# Open a usbfs device node (syzkaller pseudo-syscall). r0 is only used by the two
# USBDEVFS ioctls; presumably unrelated to the TCP warning - TODO confirm by
# minimising the reproducer.
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x40000000203, 0x301)
# Control URB with 0x40 in the flags field; the "Requested nonsensical
# USBDEVFS_URB_ZERO_PACKET" log line presumably comes from this call.
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x110, 0x40, &(0x7f0000000000)={0x0, 0x1, 0x2, 0x2}, 0x8, 0x20400000, 0xc, 0x0, 0x0, 0x20000, 0x0})
# r1: IPv6 TCP socket bound to loopback port 0x4e22, then a zero-length sendto to
# that same address. The flag word 0x240540c7 includes MSG_FASTOPEN (0x20000000).
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x240540c7, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
# r2: IPv4 TCP socket. SOL_SOCKET (0x1) option 0x3c is SO_ZEROCOPY on x86-64.
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
# TCP_REPAIR (IPPROTO_TCP=0x6, option 0x13) is switched on, the socket is
# connected to loopback while in repair mode, then repair is switched off with
# -1 (TCP_REPAIR_OFF_NO_WP). TCP_REPAIR requires CAP_NET_ADMIN; the log shows the
# reproducer running as UID 0. Worth recording when rating reachability.
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
write$binfmt_elf32(r2, &(0x7f00000014c0)=ANY=[], 0x46b)
# Four messages sent on r2 with flags 0x4048841, which include MSG_ZEROCOPY
# (0x4000000). The third iovec of the first message declares a length of
# 0xfffffd35 for a one-character buffer. The "TCP: out of memory" line in the log
# is printed by the same task (T5331) shortly before the warning; a send-side
# memory-accounting imbalance on r2 is the likely area to inspect - TODO confirm.
sendmmsg$inet(r2, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0xfffffd35}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841)
sendto$inet6(r1, &(0x7f00000003c0)='\x00', 0x1, 0x20040005, 0x0, 0x0)
poll(&(0x7f0000000000)=[{r1}], 0x1, 0xef)
# File and sequencer calls; nothing in the log ties them to the socket warning.
open(&(0x7f0000000100)='./file0\x00', 0x62000, 0x8)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0})
# NOTE(review): r4 is used below but never assigned anywhere in this listing. A
# result marker of the form <r4=> (probably inside the stat() output struct above)
# looks to have been dropped when the page was extracted. Take the program from
# the original report before re-running it.
# The payload is a 0x219-byte fuzzer-generated 9P RSTATu-shaped blob written to
# the sequencer descriptor.
write$P9_RSTATu(r3, &(0x7f0000000340)={0x219, 0x7d, 0x2, {{0x500, 0xd8, 0x0, 0x0, {0x96346fe8a85d2583, 0x0, 0x8}, 0x41400000, 0x0, 0xe5e0, 0x5, 0x1b, '\x04nodev{evoo~\x05E\xc6\x00\x05\b\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x3e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c<;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0w\xdct\x00\x00\x00\x00\x00\x00\x00\x00\a\xec!\xca\xbf\xf2\x0f\x9c\x00\x89\xf9\x06\x00\x00\x00\x00\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x13r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, 0x0, r4}}, 0x219)
# USB control transfer {0x4, 0x31, 0x2, 0x2, 0x3f, ...}; these values match the
# "vhci_hcd: default hub control req: 0431 v0002 i0002 l63" line in the log.
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000000c0)={0x4, 0x31, 0x2, 0x2, 0x3f, 0x9, &(0x7f0000000080)="e7ff56ce34532bdcb9d7801d74d1bab22954a533d5e5690a3367f773e9275e8d8a86725c659f72d94f797c134c77c48496080b055770842a9d1e65e972aac6"})
[ 85.679080][ T5310] Bluetooth: hci0: command tx timeout
[ 85.781939][ T5332] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 85.871317][ T5333] vhci_hcd: default hub control req: 0431 v0002 i0002 l63 [ 86.058461][ T5331] TCP: out of memory -- consider tuning tcp_mem [ 86.062732][ T5331] ------------[ cut here ]------------ [ 86.066061][ T5331] WARNING: CPU: 0 PID: 5331 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730 [ 86.072145][ T5331] Modules linked in: [ 86.074569][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 86.079652][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.085536][ T5331] RIP: 0010:inet_sock_destruct+0x623/0x730 [ 86.088356][ T5331] Code: 0f 0b 90 e9 62 fe ff ff e8 ca ee d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 bc ee d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 ae ee d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc [ 86.097113][ T5331] RSP: 0018:ffffc9000fd7fc58 EFLAGS: 00010293 [ 86.099829][ T5331] RAX: ffffffff89ee7042 RBX: dffffc0000000000 RCX: ffff88801f774880 [ 86.104456][ T5331] RDX: 0000000000000000 RSI: 0000000080002000 RDI: 0000000000000000 [ 86.108014][ T5331] RBP: 0000000080002000 R08: ffff888043c44f1f R09: 1ffff110087889e3 [ 86.112109][ T5331] R10: dffffc0000000000 R11: ffffed10087889e4 R12: ffff888043c44c80 [ 86.116301][ T5331] R13: dffffc0000000000 R14: ffff888043c44f04 R15: 1ffff11008788992 [ 86.120537][ T5331] FS: 000055557af76500(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000 [ 86.124651][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.127875][ T5331] CR2: 000055df6f84e168 CR3: 000000003ff3a000 CR4: 0000000000352ef0 [ 86.131383][ T5331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 86.134940][ T5331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 86.138541][ T5331] Call Trace: [ 86.140389][ T5331] [ 86.142034][ T5331] ? netlink_has_listeners+0x339/0x3f0 [ 86.144991][ T5331] ? 
__pfx_inet_sock_destruct+0x10/0x10 [ 86.147758][ T5331] __sk_destruct+0x86/0x660 [ 86.149759][ T5331] inet_release+0x187/0x210 [ 86.151890][ T5331] sock_close+0xc0/0x240 [ 86.153865][ T5331] ? __pfx_sock_close+0x10/0x10 [ 86.156114][ T5331] __fput+0x44c/0xa70 [ 86.158171][ T5331] task_work_run+0x1d1/0x260 [ 86.160331][ T5331] ? __pfx_task_work_run+0x10/0x10 [ 86.163401][ T5331] ? exit_to_user_mode_loop+0x40/0x110 [ 86.166350][ T5331] exit_to_user_mode_loop+0xec/0x110 [ 86.169612][ T5331] do_syscall_64+0x2bd/0x3b0 [ 86.173164][ T5331] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.175939][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.178422][ T5331] ? clear_bhb_loop+0x60/0xb0 [ 86.180597][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.184004][ T5331] RIP: 0033:0x7ff99058e929 [ 86.185923][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.195191][ T5331] RSP: 002b:00007ffe1d4b01d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 86.199022][ T5331] RAX: 0000000000000000 RBX: 00007ff9907b7ba0 RCX: 00007ff99058e929 [ 86.202520][ T5331] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 86.206221][ T5331] RBP: 00007ff9907b7ba0 R08: 0000000000011ba4 R09: 000000131d4b04cf [ 86.209785][ T5331] R10: 0000000000dee228 R11: 0000000000000246 R12: 0000000000015198 [ 86.213628][ T5331] R13: 00007ff9907b6080 R14: ffffffffffffffff R15: 00007ffe1d4b02f0 [ 86.217004][ T5331] [ 86.218475][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 86.221692][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 86.226892][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.231798][ T5331] Call Trace: [ 86.233403][ T5331] [ 86.234710][ T5331] dump_stack_lvl+0x99/0x250 [ 86.236762][ T5331] ? __asan_memcpy+0x40/0x70 [ 86.238749][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.241137][ T5331] ? __pfx__printk+0x10/0x10 [ 86.243131][ T5331] panic+0x2db/0x790 [ 86.244952][ T5331] ? __pfx_panic+0x10/0x10 [ 86.247701][ T5331] __warn+0x31b/0x4b0 [ 86.250135][ T5331] ? inet_sock_destruct+0x623/0x730 [ 86.252701][ T5331] ? inet_sock_destruct+0x623/0x730 [ 86.255321][ T5331] report_bug+0x2be/0x4f0 [ 86.257514][ T5331] ? inet_sock_destruct+0x623/0x730 [ 86.260238][ T5331] ? inet_sock_destruct+0x623/0x730 [ 86.262955][ T5331] ? inet_sock_destruct+0x625/0x730 [ 86.265848][ T5331] handle_bug+0x84/0x160 [ 86.267823][ T5331] exc_invalid_op+0x1a/0x50 [ 86.269916][ T5331] asm_exc_invalid_op+0x1a/0x20 [ 86.272151][ T5331] RIP: 0010:inet_sock_destruct+0x623/0x730 [ 86.274538][ T5331] Code: 0f 0b 90 e9 62 fe ff ff e8 ca ee d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 bc ee d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 ae ee d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc [ 86.283051][ T5331] RSP: 0018:ffffc9000fd7fc58 EFLAGS: 00010293 [ 86.285785][ T5331] RAX: ffffffff89ee7042 RBX: dffffc0000000000 RCX: ffff88801f774880 [ 86.289426][ T5331] RDX: 0000000000000000 RSI: 0000000080002000 RDI: 0000000000000000 [ 86.294028][ T5331] RBP: 0000000080002000 R08: ffff888043c44f1f R09: 1ffff110087889e3 [ 86.298186][ T5331] R10: dffffc0000000000 R11: ffffed10087889e4 R12: ffff888043c44c80 [ 86.301819][ T5331] R13: dffffc0000000000 R14: ffff888043c44f04 R15: 1ffff11008788992 [ 86.305218][ T5331] ? inet_sock_destruct+0x622/0x730 [ 86.307439][ T5331] ? inet_sock_destruct+0x622/0x730 [ 86.309729][ T5331] ? 
netlink_has_listeners+0x339/0x3f0 [ 86.312832][ T5331] ? __pfx_inet_sock_destruct+0x10/0x10 [ 86.315861][ T5331] __sk_destruct+0x86/0x660 [ 86.317809][ T5331] inet_release+0x187/0x210 [ 86.319890][ T5331] sock_close+0xc0/0x240 [ 86.321844][ T5331] ? __pfx_sock_close+0x10/0x10 [ 86.324317][ T5331] __fput+0x44c/0xa70 [ 86.326368][ T5331] task_work_run+0x1d1/0x260 [ 86.328886][ T5331] ? __pfx_task_work_run+0x10/0x10 [ 86.331567][ T5331] ? exit_to_user_mode_loop+0x40/0x110 [ 86.334591][ T5331] exit_to_user_mode_loop+0xec/0x110 [ 86.337494][ T5331] do_syscall_64+0x2bd/0x3b0 [ 86.340070][ T5331] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.342525][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.345030][ T5331] ? clear_bhb_loop+0x60/0xb0 [ 86.346980][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.349324][ T5331] RIP: 0033:0x7ff99058e929 [ 86.351294][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.360226][ T5331] RSP: 002b:00007ffe1d4b01d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 86.363692][ T5331] RAX: 0000000000000000 RBX: 00007ff9907b7ba0 RCX: 00007ff99058e929 [ 86.367352][ T5331] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 86.372365][ T5331] RBP: 00007ff9907b7ba0 R08: 0000000000011ba4 R09: 000000131d4b04cf [ 86.375838][ T5331] R10: 0000000000dee228 R11: 0000000000000246 R12: 0000000000015198 [ 86.379234][ T5331] R13: 00007ff9907b6080 R14: ffffffffffffffff R15: 00007ffe1d4b02f0 [ 86.382883][ T5331] [ 86.384727][ T5331] Kernel Offset: disabled [ 86.386923][ T5331] Rebooting in 86400 seconds..