------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_input.c:5406!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 3 UID: 0 PID: 33 Comm: ksoftirqd/3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:tcp_collapse+0x1519/0x1b50 net/ipv4/tcp_input.c:5406
Code: 04 00 00 41 0f b6 9f 84 00 00 00 31 ff 83 e3 20 89 de e8 3a 2c fc f7 84 db 0f 84 9e fa ff ff e9 cb fb ff ff e8 48 31 fc f7 90 <0f> 0b e8 40 31 fc f7 e8 3b 31 fc f7 4c 89 fa 48 c1 ea 03 42 80 3c
RSP: 0018:ffffc900006cf2b0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 000000000000003c RCX: ffffffff89bee1d4
RDX: ffff88801e28a480 RSI: ffffffff89bee7b8 RDI: 0000000000000005
RBP: ffffc900006cf408 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000ffffffdc R11: 0000000000000000 R12: 00000000ffffffdc
R13: ffff888047d0b7ec R14: ffff888059430dc0 R15: ffff888047d0b7c0
FS:  0000000000000000(0000) GS:ffff8880d7160000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555589b5b7d0 CR3: 000000004b58a000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 tcp_prune_queue net/ipv4/tcp_input.c:5568 [inline]
 tcp_try_rmem_schedule+0xb23/0x18a0 net/ipv4/tcp_input.c:4907
 tcp_data_queue+0x1339/0x4f90 net/ipv4/tcp_input.c:5192
 tcp_rcv_established+0x88c/0x23f0 net/ipv4/tcp_input.c:6216
 tcp_v4_do_rcv+0x5ca/0xa90 net/ipv4/tcp_ipv4.c:1926
 tcp_v4_rcv+0x2ee1/0x4640 net/ipv4/tcp_ipv4.c:2368
 ip_protocol_deliver_rcu+0xba/0x4c0 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x3f2/0x720 net/ipv4/ip_input.c:239
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip_local_deliver+0x18e/0x1f0 net/ipv4/ip_input.c:260
 dst_input include/net/dst.h:471 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:454 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip_rcv+0x2e0/0x600 net/ipv4/ip_input.c:574
 __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5991
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6104
 process_backlog+0x442/0x15e0 net/core/dev.c:6456
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0xa9f/0xfe0 net/core/dev.c:7696
 handle_softirqs+0x216/0x8e0 kernel/softirq.c:622
 run_ksoftirqd kernel/softirq.c:1063 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:1055
 smpboot_thread_fn+0x3f4/0xae0 kernel/smpboot.c:160
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x56a/0x730 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:tcp_collapse+0x1519/0x1b50 net/ipv4/tcp_input.c:5406
Code: 04 00 00 41 0f b6 9f 84 00 00 00 31 ff 83 e3 20 89 de e8 3a 2c fc f7 84 db 0f 84 9e fa ff ff e9 cb fb ff ff e8 48 31 fc f7 90 <0f> 0b e8 40 31 fc f7 e8 3b 31 fc f7 4c 89 fa 48 c1 ea 03 42 80 3c
RSP: 0018:ffffc900006cf2b0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 000000000000003c RCX: ffffffff89bee1d4
RDX: ffff88801e28a480 RSI: ffffffff89bee7b8 RDI: 0000000000000005
RBP: ffffc900006cf408 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000ffffffdc R11: 0000000000000000 R12: 00000000ffffffdc
R13: ffff888047d0b7ec R14: ffff888059430dc0 R15: ffff888047d0b7c0
FS:  0000000000000000(0000) GS:ffff8880d7160000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555589b5b7d0 CR3: 000000004b58a000 CR4: 0000000000352ef0