program:
# Fuzzer-generated syzkaller program recorded immediately before the kernel
# WARNING at net/ipv4/af_inet.c:156 (inet_sock_destruct) in the console log below.
# The log shows "panic_on_warn set", so the WARNING is the finding and the panic
# is only its consequence. The run is as UID 0 (see the "CPU: ... UID: 0" line).
# Calls marked (async) are not waited for before the next call is issued, so
# their ordering relative to later calls is not fixed.
# NOTE(review): the constant decodings below are read from the numeric values
# and should be confirmed against the headers of the tested tree. This listing
# is not minimised; which calls are actually required is not established here.

# Pseudo-syscall that opens a VBI video device node; r0 is used only by the
# final VIDIOC_S_CTRL ioctl.
r0 = syz_open_dev$vbi(&(0x7f0000001140), 0x3, 0x2) (async)
# Periodic POSIX timer targeting this thread (signo 0x21, @tid=r1) with a
# 0x989680 ns = 10 ms value and interval. Presumably the usual fuzzer
# signal-interruption preamble rather than part of the bug -- TODO confirm.
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
# rtnetlink @newlink request carrying IFLA_LINKINFO for an erspan device with
# IFLA_GRE_COLLECT_METADATA, IFLA_GRE_OKEY and IFLA_GRE_IKEY attributes.
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_OKEY={0x8, 0x5, 0x20}, @IFLA_GRE_IKEY={0x8}]}}}]}, 0x48}}, 0x0) (async)
# Netfilter netlink socket that is closed straight away. r3 is nevertheless
# reused by sendmsg$IPCTNL_MSG_CT_DELETE further down, so that send targets a
# descriptor number that is closed or may have been reassigned by then.
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3) (async)
# IPv6 TCP socket put into the listening state (backlog 0); r4 is later stored
# in the BPF map r6.
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0) (async)
# bpf() command 0x5 with a 4-instruction, GPL-licensed program. The first
# attribute field (0x10) looks like BPF_PROG_TYPE_SK_MSG even though the
# syzkaller call variant is named RAW_TRACEPOINT_LOAD -- confirm.
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
# Map creation: type 0x12 (appears to be BPF_MAP_TYPE_SOCKHASH), key size 0x4,
# value size 0x8, 0xb max entries -- confirm the type decoding.
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
# The call variant is named BPF_PROG_DETACH, but the command number passed is
# 0x8, which appears to be BPF_PROG_ATTACH: program r5 on map r6 with attach
# type 0x7 (appears to be BPF_SK_MSG_VERDICT) -- confirm. Issued async, so it
# races with the program load above when r5 is not yet valid.
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r6, r5, 0x7, 0x0, 0x0, @void, @value}, 0x10) (async)
# IPv4 TCP socket r7. Socket-level option 0x3c (appears to be SO_ZEROCOPY) is
# set to 1 with an oversized optlen of 0xfff0.
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) (async)
# TCP_REPAIR is switched on, the socket is connected to loopback while in
# repair mode, and TCP_REPAIR is then written again with an all-ones value.
# TCP_REPAIR normally requires CAP_NET_ADMIN, which bounds who can reach this
# path -- verify for the configuration under test.
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r7, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) (async)
# Data is queued on r7: a 0x46b-byte write from an empty blob, then a
# four-message sendmmsg of one-byte iovecs. Flags 0x4048841 include bit
# 0x4000000 (appears to be MSG_ZEROCOPY). The log reports
# "TCP: out of memory" shortly before the WARNING.
write$binfmt_elf32(r7, &(0x7f00000014c0)=ANY=[], 0x46b) (async)
sendmmsg$inet(r7, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) (async)
# Map update (command 0x2) storing the listening IPv6 socket r4 as the value in
# map r6. Note that r7, the socket carrying the queued data, is not the one
# inserted here.
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r6, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r4}, 0x20)
# Conntrack delete request sent on r3, which was closed above.
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x0) (async)
# stat of "." relative to 0xffffffffffffff9c (AT_FDCWD), then a V4L2 control
# write on r0. Likely unrelated to the socket teardown WARNING -- TODO confirm
# by minimising the reproducer.
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0) (async)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xfffffffc})
[ 84.958916][ T5304] Bluetooth: hci0: command tx timeout
[ 85.105273][ T5326] TCP: out of memory -- consider tuning tcp_mem
[ 85.110119][ T5326] ------------[ cut here ]------------
[ 85.112950][ T5326] WARNING: CPU: 0 PID: 5326 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730
[ 85.117553][ T5326] Modules linked in:
[ 85.119722][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full)
[ 85.126286][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.131105][ T5326] RIP: 0010:inet_sock_destruct+0x623/0x730
[ 85.134691][ T5326] Code: 0f 0b 90 e9 62 fe ff ff e8 2a a3 d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 1c a3 d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 0e a3 d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[ 85.143814][ T5326] RSP: 0018:ffffc9000fe47c58 EFLAGS: 00010293
[ 85.146655][ T5326] RAX: ffffffff89eeb972 RBX: dffffc0000000000 RCX: ffff8880005f0000
[ 85.150217][ T5326] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 85.154231][ T5326] RBP: 0000000080000000 R08: ffff88803e92425f R09: 1ffff11007d2484b
[ 85.158104][ T5326] R10: dffffc0000000000 R11: ffffed1007d2484c R12: ffff88803e923fc0
[ 85.162122][ T5326] R13: dffffc0000000000 R14: ffff88803e924244 R15: 1ffff11007d247fa
[ 85.165619][ T5326] FS: 0000555567f58500(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000
[ 85.169882][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.173512][ T5326] CR2: 0000000000000000 CR3: 0000000044455000 CR4: 0000000000352ef0
[ 85.176951][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 85.180639][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 85.184506][ T5326] Call Trace:
[ 85.185926][ T5326]
[ 85.187233][ T5326] ? netlink_has_listeners+0x339/0x3f0
[ 85.189546][ T5326] ? __pfx_inet_sock_destruct+0x10/0x10
[ 85.192067][ T5326] __sk_destruct+0x89/0x660
[ 85.194862][ T5326] inet_release+0x187/0x210
[ 85.197210][ T5326] sock_close+0xc3/0x240
[ 85.199058][ T5326] ? __pfx_sock_close+0x10/0x10
[ 85.201155][ T5326] __fput+0x44c/0xa70
[ 85.203342][ T5326] task_work_run+0x1d1/0x260
[ 85.205267][ T5326] ? __pfx_task_work_run+0x10/0x10
[ 85.207485][ T5326] ? exit_to_user_mode_loop+0x40/0x110
[ 85.210222][ T5326] exit_to_user_mode_loop+0xec/0x110
[ 85.213080][ T5326] do_syscall_64+0x2bd/0x3b0
[ 85.215674][ T5326] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.217902][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.220502][ T5326] ? clear_bhb_loop+0x60/0xb0
[ 85.223371][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.225806][ T5326] RIP: 0033:0x7fbd3db8e929
[ 85.227786][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.237087][ T5326] RSP: 002b:00007ffead43ea78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 85.240571][ T5326] RAX: 0000000000000000 RBX: 0000000000014bb6 RCX: 00007fbd3db8e929
[ 85.243992][ T5326] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 85.247781][ T5326] RBP: 00007fbd3ddb7ba0 R08: 0000000000000001 R09: 00000018ad43ed6f
[ 85.251369][ T5326] R10: 00007fbd3d9ff030 R11: 0000000000000246 R12: 00007fbd3ddb608c
[ 85.254905][ T5326] R13: 00007fbd3ddb6080 R14: ffffffffffffffff R15: 00007ffead43eb90
[ 85.258260][ T5326]
[ 85.259935][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 85.263435][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full)
[ 85.268482][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.273168][ T5326] Call Trace:
[ 85.274904][ T5326]
[ 85.276416][ T5326] dump_stack_lvl+0x99/0x250
[ 85.278591][ T5326] ? __asan_memcpy+0x40/0x70
[ 85.280659][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.282984][ T5326] ? __pfx__printk+0x10/0x10
[ 85.285046][ T5326] panic+0x2db/0x790
[ 85.286956][ T5326] ? __pfx_panic+0x10/0x10
[ 85.289086][ T5326] __warn+0x31b/0x4b0
[ 85.290941][ T5326] ? inet_sock_destruct+0x623/0x730
[ 85.293149][ T5326] ? inet_sock_destruct+0x623/0x730
[ 85.295348][ T5326] report_bug+0x2be/0x4f0
[ 85.297229][ T5326] ? inet_sock_destruct+0x623/0x730
[ 85.299607][ T5326] ? inet_sock_destruct+0x623/0x730
[ 85.301930][ T5326] ? inet_sock_destruct+0x625/0x730
[ 85.304466][ T5326] handle_bug+0x84/0x160
[ 85.306525][ T5326] exc_invalid_op+0x1a/0x50
[ 85.308569][ T5326] asm_exc_invalid_op+0x1a/0x20
[ 85.310650][ T5326] RIP: 0010:inet_sock_destruct+0x623/0x730
[ 85.313305][ T5326] Code: 0f 0b 90 e9 62 fe ff ff e8 2a a3 d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 1c a3 d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 0e a3 d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[ 85.321917][ T5326] RSP: 0018:ffffc9000fe47c58 EFLAGS: 00010293
[ 85.324642][ T5326] RAX: ffffffff89eeb972 RBX: dffffc0000000000 RCX: ffff8880005f0000
[ 85.328055][ T5326] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 85.331761][ T5326] RBP: 0000000080000000 R08: ffff88803e92425f R09: 1ffff11007d2484b
[ 85.335170][ T5326] R10: dffffc0000000000 R11: ffffed1007d2484c R12: ffff88803e923fc0
[ 85.338569][ T5326] R13: dffffc0000000000 R14: ffff88803e924244 R15: 1ffff11007d247fa
[ 85.342277][ T5326] ? inet_sock_destruct+0x622/0x730
[ 85.345224][ T5326] ? inet_sock_destruct+0x622/0x730
[ 85.347688][ T5326] ? netlink_has_listeners+0x339/0x3f0
[ 85.350019][ T5326] ? __pfx_inet_sock_destruct+0x10/0x10
[ 85.352323][ T5326] __sk_destruct+0x89/0x660
[ 85.354268][ T5326] inet_release+0x187/0x210
[ 85.356129][ T5326] sock_close+0xc3/0x240
[ 85.357937][ T5326] ? __pfx_sock_close+0x10/0x10
[ 85.360280][ T5326] __fput+0x44c/0xa70
[ 85.362245][ T5326] task_work_run+0x1d1/0x260
[ 85.364203][ T5326] ? __pfx_task_work_run+0x10/0x10
[ 85.366225][ T5326] ? exit_to_user_mode_loop+0x40/0x110
[ 85.368338][ T5326] exit_to_user_mode_loop+0xec/0x110
[ 85.370466][ T5326] do_syscall_64+0x2bd/0x3b0
[ 85.372253][ T5326] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.374475][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.377203][ T5326] ? clear_bhb_loop+0x60/0xb0
[ 85.379198][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.381574][ T5326] RIP: 0033:0x7fbd3db8e929
[ 85.383380][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.391353][ T5326] RSP: 002b:00007ffead43ea78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 85.394744][ T5326] RAX: 0000000000000000 RBX: 0000000000014bb6 RCX: 00007fbd3db8e929
[ 85.397997][ T5326] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 85.401556][ T5326] RBP: 00007fbd3ddb7ba0 R08: 0000000000000001 R09: 00000018ad43ed6f
[ 85.405208][ T5326] R10: 00007fbd3d9ff030 R11: 0000000000000246 R12: 00007fbd3ddb608c
[ 85.408706][ T5326] R13: 00007fbd3ddb6080 R14: ffffffffffffffff R15: 00007ffead43eb90
[ 85.412456][ T5326]
[ 85.414433][ T5326] Kernel Offset: disabled
[ 85.416502][ T5326] Rebooting in 86400 seconds..