program:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0) (async)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000001080)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="07000d002e43e61fbb724000f86075887f59740004000000000000000000ba61bb0b78563ee0351849bf5b1a4c28a673ffd90c9f23b12f4277665d45c8c74fbb43917fce7f8dedd4d18603a7db4aa13961bb42098cfd46876f446e2a59ead616a394e500d7744490eb81ad9164e908ad7e0f39f0104c5304e87335dfad390e18da0d8d98cede5838f0bf89e3e9a91e2303afcfc2ccf047e086e4b27f704c024ee5bacb26419308be0ce2be582cae43b978faab726ad65b4efb6978", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) (async)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) (async)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
write$binfmt_elf32(r5, &(0x7f00000014c0)=ANY=[], 0x46b) (async)
sendmmsg$inet(r5, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r4, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r2}, 0x20)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x0) (async)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0)
r6 = socket$l2tp6(0xa, 0x2, 0x73) (async)
r7 = socket(0x40000000015, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r7, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
ppoll(&(0x7f0000000080)=[{r7, 0x79a8}], 0x1, 0x0, 0x0, 0x0) (async)
sendmmsg$inet6(r6, &(0x7f0000002c00)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @empty, 0x10800}, 0x1c, 0x0}}, {{&(0x7f0000000180)={0xa, 0x0, 0x0, @private2, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="f5feff43000000ffffffff0200"/24], 0x18}}], 0x2, 0x0) (async)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file1\x00', 0x50, &(0x7f0000000280), 0x1, 0x3dd, &(0x7f00000008c0)="$eJzs3M1uG0UcAPD/bj5K0g8HiQMqHCyBIAiI60CAIiQKVz4uwANYSVoq3KZqjERLDgVx4sQBcePQF+DAA1QVQkLiFXgBVKlCaQ5wC1p713FjO8SKHdPk95NGnlmPO/Pf3a5mNrsTwLFVjogLETEREYsRUcq3p3mKW62U1XuwubG8tbmxnMT29kd/JZHk24p/K8k/T+aF+TQi/SbiqVvd7a7fuPlZrV5fvZ6XK40r1yrrN26+fPlK7dLqpdWr1dfPV6tLi29UXx1arD88+8L5iXcvnP3xj9Ldpenpmay/p/LvOuMYlnKU2/tkt6VhNzZm0+PuAAAA+5LmY//J5vi/FBPNXEspKhtj7RwAAAAwFNtv558AAADAEZaY+wMAAMARVzwH8GBzY7lIY3wc4dDdfyci5nbebd5qxz8Zj+V1pkb4fms5Iq49l5SyFCN6DxkAoNPdbPxzrtf4L40nO+qdiGiOh2aG3H55V7l7/JPeG3KTD8nGf29FxFbX+C8tqsxN5KXTzaHiVHLxcn31XESciYj5mDqRlat7tPHe3z992O+7LP5fk9NnipS1n33u1EjvTZ54+DcrtUbtIDF3uv9VxNnJXvEn7fFvEhGzB2hj4svbb/b77r/jH63t2xHP9zz+Oyv3JHuvT1Rpng+V4qzo9s/XP3/Qr/1xx58d/9m9459LOtdrWh+8jTuf/v50M9Mjqs75zyDn/3TycTNfzMu+qDUa16sR08n73dsXd35blIv6Wfzzz/T+/19c/5J8TatT+TVgUN9+98tLe9doxZ+lrP1iLngYsvhXBjr+g2deu/PbJ/3a7zz+vePPjn9rDbD5fMt+rn/77eBB9h0AAAA8KtLmfY0kXWjn03RhoXW/44mYTetr640XL659fnWldf9jLqbS4k5XqeN+aLX1Z/R2eXFX+ZWIeDwivi/NNMsLy2v1lXEHDwAAAMfEyT7z/8yfh/YUAgAAADByc+PuAAAAADBy5v8AAABwpB1kXb/jm8n23P+gGzIyI8uM+8oEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwaPs3AAD//9oMtCQ=")
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000080)={0x19})
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000200)={0x15})

[   68.381973][ T5312] Bluetooth: hci0: command tx timeout
[   68.478369][ T5329] TCP: out of memory -- consider tuning tcp_mem
[   68.483851][ T5329] ------------[ cut here ]------------
[   68.486133][ T5329] WARNING: CPU: 0 PID: 5329 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x638/0x740
[   68.489961][ T5329] Modules linked in:
[   68.491602][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) 
[   68.496232][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.500293][ T5329] RIP: 0010:inet_sock_destruct+0x638/0x740
[   68.502724][ T5329] Code: 0f 0b 90 e9 5f fe ff ff e8 45 0c 2c f7 90 0f 0b 90 e9 92 fe ff ff e8 37 0c 2c f7 90 0f 0b 90 e9 b8 fe ff ff e8 29 0c 2c f7 90 <0f> 0b 90 e9 de fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9b fc
[   68.510088][ T5329] RSP: 0018:ffffc9000d407818 EFLAGS: 00010293
[   68.512797][ T5329] RAX: ffffffff8a96ae97 RBX: 0000000080000000 RCX: ffff888000218000
[   68.515904][ T5329] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   68.519005][ T5329] RBP: 0000000000000007 R08: ffffffff8a96ad71 R09: 1ffff1100822cb7b
[   68.522299][ T5329] R10: dffffc0000000000 R11: ffffed100822cb7c R12: ffff888041165940
[   68.525391][ T5329] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff888041165952
[   68.528440][ T5329] FS:  0000000000000000(0000) GS:ffff88808c59a000(0000) knlGS:0000000000000000
[   68.531965][ T5329] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.534632][ T5329] CR2: 0000000000000000 CR3: 0000000051c10000 CR4: 0000000000352ef0
[   68.537888][ T5329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.541042][ T5329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.544331][ T5329] Call Trace:
[   68.545731][ T5329]  <TASK>
[   68.547009][ T5329]  ? __pfx_inet_sock_destruct+0x10/0x10
[   68.549270][ T5329]  __sk_destruct+0x8d/0x650
[   68.551155][ T5329]  inet_release+0x17d/0x200
[   68.553168][ T5329]  sock_close+0xbc/0x240
[   68.555001][ T5329]  ? __pfx_sock_close+0x10/0x10
[   68.557046][ T5329]  __fput+0x3e9/0x9f0
[   68.558748][ T5329]  task_work_run+0x251/0x310
[   68.560647][ T5329]  ? __pfx_task_work_run+0x10/0x10
[   68.562825][ T5329]  ? switch_task_namespaces+0xe4/0x110
[   68.565066][ T5329]  do_exit+0xa11/0x27f0
[   68.566792][ T5329]  ? do_raw_spin_lock+0x151/0x370
[   68.568725][ T5329]  ? __pfx_do_exit+0x10/0x10
[   68.570544][ T5329]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   68.572896][ T5329]  do_group_exit+0x207/0x2c0
[   68.574782][ T5329]  ? _raw_spin_unlock_irq+0x23/0x50
[   68.577258][ T5329]  ? lockdep_hardirqs_on+0x9d/0x150
[   68.579357][ T5329]  get_signal+0x1696/0x1730
[   68.581255][ T5329]  ? __pfx_get_signal+0x10/0x10
[   68.583615][ T5329]  arch_do_signal_or_restart+0x98/0x810
[   68.585875][ T5329]  ? __pfx___sys_connect+0x10/0x10
[   68.587923][ T5329]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   68.590421][ T5329]  ? syscall_exit_to_user_mode+0xa3/0x340
[   68.593012][ T5329]  syscall_exit_to_user_mode+0xce/0x340
[   68.595295][ T5329]  do_syscall_64+0x100/0x210
[   68.597189][ T5329]  ? clear_bhb_loop+0x45/0xa0
[   68.599116][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.601501][ T5329] RIP: 0033:0x7f64f918e169
[   68.603324][ T5329] Code: Unable to access opcode bytes at 0x7f64f918e13f.
[   68.605945][ T5329] RSP: 002b:00007f64f9fc8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   68.609333][ T5329] RAX: 0000000000000000 RBX: 00007f64f93b6080 RCX: 00007f64f918e169
[   68.612583][ T5329] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000006
[   68.615788][ T5329] RBP: 00007f64f9210a68 R08: 0000000000000000 R09: 0000000000000000
[   68.619022][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.622275][ T5329] R13: 0000000000000000 R14: 00007f64f93b6080 R15: 00007ffe45d2bd38
[   68.625446][ T5329]  </TASK>
[   68.626669][ T5329] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.629497][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) 
[   68.634107][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.638393][ T5329] Call Trace:
[   68.639723][ T5329]  <TASK>
[   68.640910][ T5329]  dump_stack_lvl+0x241/0x360
[   68.642754][ T5329]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.644755][ T5329]  ? __pfx__printk+0x10/0x10
[   68.646429][ T5329]  ? vscnprintf+0x5d/0x90
[   68.648081][ T5329]  panic+0x349/0x880
[   68.649611][ T5329]  ? __warn+0x174/0x4d0
[   68.651256][ T5329]  ? __pfx_panic+0x10/0x10
[   68.653076][ T5329]  __warn+0x344/0x4d0
[   68.654686][ T5329]  ? inet_sock_destruct+0x638/0x740
[   68.656807][ T5329]  report_bug+0x2b3/0x500
[   68.658513][ T5329]  ? inet_sock_destruct+0x638/0x740
[   68.660533][ T5329]  ? inet_sock_destruct+0x638/0x740
[   68.662567][ T5329]  ? inet_sock_destruct+0x63a/0x740
[   68.664672][ T5329]  handle_bug+0x89/0x170
[   68.666382][ T5329]  exc_invalid_op+0x1a/0x50
[   68.668180][ T5329]  asm_exc_invalid_op+0x1a/0x20
[   68.670095][ T5329] RIP: 0010:inet_sock_destruct+0x638/0x740
[   68.672425][ T5329] Code: 0f 0b 90 e9 5f fe ff ff e8 45 0c 2c f7 90 0f 0b 90 e9 92 fe ff ff e8 37 0c 2c f7 90 0f 0b 90 e9 b8 fe ff ff e8 29 0c 2c f7 90 <0f> 0b 90 e9 de fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9b fc
[   68.679865][ T5329] RSP: 0018:ffffc9000d407818 EFLAGS: 00010293
[   68.682330][ T5329] RAX: ffffffff8a96ae97 RBX: 0000000080000000 RCX: ffff888000218000
[   68.685459][ T5329] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   68.688340][ T5329] RBP: 0000000000000007 R08: ffffffff8a96ad71 R09: 1ffff1100822cb7b
[   68.691455][ T5329] R10: dffffc0000000000 R11: ffffed100822cb7c R12: ffff888041165940
[   68.694376][ T5329] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff888041165952
[   68.696983][ T5329]  ? inet_sock_destruct+0x511/0x740
[   68.698846][ T5329]  ? inet_sock_destruct+0x637/0x740
[   68.700915][ T5329]  ? inet_sock_destruct+0x637/0x740
[   68.703022][ T5329]  ? __pfx_inet_sock_destruct+0x10/0x10
[   68.705305][ T5329]  __sk_destruct+0x8d/0x650
[   68.707073][ T5329]  inet_release+0x17d/0x200
[   68.708869][ T5329]  sock_close+0xbc/0x240
[   68.710470][ T5329]  ? __pfx_sock_close+0x10/0x10
[   68.712368][ T5329]  __fput+0x3e9/0x9f0
[   68.713914][ T5329]  task_work_run+0x251/0x310
[   68.715767][ T5329]  ? __pfx_task_work_run+0x10/0x10
[   68.717784][ T5329]  ? switch_task_namespaces+0xe4/0x110
[   68.719983][ T5329]  do_exit+0xa11/0x27f0
[   68.721618][ T5329]  ? do_raw_spin_lock+0x151/0x370
[   68.723585][ T5329]  ? __pfx_do_exit+0x10/0x10
[   68.725406][ T5329]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   68.727490][ T5329]  do_group_exit+0x207/0x2c0
[   68.729301][ T5329]  ? _raw_spin_unlock_irq+0x23/0x50
[   68.731288][ T5329]  ? lockdep_hardirqs_on+0x9d/0x150
[   68.733349][ T5329]  get_signal+0x1696/0x1730
[   68.735222][ T5329]  ? __pfx_get_signal+0x10/0x10
[   68.737199][ T5329]  arch_do_signal_or_restart+0x98/0x810
[   68.739371][ T5329]  ? __pfx___sys_connect+0x10/0x10
[   68.741379][ T5329]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   68.743811][ T5329]  ? syscall_exit_to_user_mode+0xa3/0x340
[   68.746027][ T5329]  syscall_exit_to_user_mode+0xce/0x340
[   68.748271][ T5329]  do_syscall_64+0x100/0x210
[   68.750121][ T5329]  ? clear_bhb_loop+0x45/0xa0
[   68.751971][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.754176][ T5329] RIP: 0033:0x7f64f918e169
[   68.755720][ T5329] Code: Unable to access opcode bytes at 0x7f64f918e13f.
[   68.758040][ T5329] RSP: 002b:00007f64f9fc8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   68.761310][ T5329] RAX: 0000000000000000 RBX: 00007f64f93b6080 RCX: 00007f64f918e169
[   68.764332][ T5329] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000006
[   68.767406][ T5329] RBP: 00007f64f9210a68 R08: 0000000000000000 R09: 0000000000000000
[   68.770369][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.773410][ T5329] R13: 0000000000000000 R14: 00007f64f93b6080 R15: 00007ffe45d2bd38
[   68.776450][ T5329]  </TASK>
[   68.777907][ T5329] Kernel Offset: disabled
[   68.779570][ T5329] Rebooting in 86400 seconds..