program:
r0 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000040)={[0xfffffffffffffff9]}, 0x0, 0x8)
timer_create(0x0, &(0x7f0000001080)={0x0, 0x12, 0x4, @tid=r0}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
r1 = gettid()
tkill(r1, 0x14)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDCTL_DSP_STEREO(r2, 0xc0045003, &(0x7f00000000c0)=0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_SPORT={0x6, 0x1c, 0x4e20}]}, 0x24}}, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)=0x10001)
mmap$dsp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000001, 0x12, r2, 0x0)
gettid() (async)
rt_sigprocmask(0x0, &(0x7f0000000040)={[0xfffffffffffffff9]}, 0x0, 0x8) (async)
timer_create(0x0, &(0x7f0000001080)={0x0, 0x12, 0x4, @tid=r0}, &(0x7f0000044000)) (async)
timer_settime(0x0, 0x0, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) (async)
gettid() (async)
tkill(r1, 0x14) (async)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$SNDCTL_DSP_STEREO(r2, 0xc0045003, &(0x7f00000000c0)=0x1) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) (async)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_SPORT={0x6, 0x1c, 0x4e20}]}, 0x24}}, 0x0) (async)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)=0x10001) (async)
mmap$dsp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000001, 0x12, r2, 0x0) (async)

[   58.624967][    C0] ------------[ cut here ]------------
[   58.627061][    C0] WARNING: CPU: 0 PID: 5313 at kernel/signal.c:2050 posixtimer_send_sigqueue+0xa08/0xce0
[   58.636293][    C0] Modules linked in:
[   58.639053][    C0] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[   58.643636][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   58.647878][    C0] RIP: 0010:posixtimer_send_sigqueue+0xa08/0xce0
[   58.650253][    C0] Code: 00 0f 85 f4 02 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 73 1a 3b 00 4c 8b 64 24 08 e9 28 ff ff ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 f7
[   58.657420][    C0] RSP: 0018:ffffc90000007c00 EFLAGS: 00010082
[   58.659581][    C0] RAX: dffffc0000000000 RBX: 1ffff11008708203 RCX: ffff888000bb2440
[   58.662267][    C0] RDX: 0000000000010000 RSI: 0000000000020000 RDI: 0000000000000000
[   58.665084][    C0] RBP: ffffc90000007cf8 R08: ffffffff816450d0 R09: 1ffff11003df15c8
[   58.667702][    C0] R10: dffffc0000000000 R11: ffffed1003df15c9 R12: ffff888043841000
[   58.670504][    C0] R13: 1ffff11008708210 R14: ffff888043841018 R15: ffff8880438410c0
[   58.673568][    C0] FS:  00007fe8a00696c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   58.677028][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.679537][    C0] CR2: 00007fe8a0068fe0 CR3: 0000000043332000 CR4: 0000000000352ef0
[   58.682642][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   58.685660][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   58.688666][    C0] Call Trace:
[   58.689931][    C0]  <IRQ>
[   58.691038][    C0]  ? __warn+0x165/0x4d0
[   58.692563][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   58.694647][    C0]  ? report_bug+0x2b3/0x500
[   58.696287][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   58.698333][    C0]  ? handle_bug+0x60/0x90
[   58.699843][    C0]  ? exc_invalid_op+0x1a/0x50
[   58.701500][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[   58.703279][    C0]  ? prepare_signal+0x6c0/0xc90
[   58.705020][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   58.707120][    C0]  ? posixtimer_send_sigqueue+0xd3/0xce0
[   58.709231][    C0]  ? __pfx_posixtimer_send_sigqueue+0x10/0x10
[   58.711482][    C0]  posix_timer_fn+0xe2/0x160
[   58.713220][    C0]  ? __pfx_posix_timer_fn+0x10/0x10
[   58.715065][    C0]  __hrtimer_run_queues+0x59b/0xd30
[   58.716999][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   58.719118][    C0]  ? kvm_clock_get_cycles+0x52/0x70
[   58.720995][    C0]  ? ktime_get_update_offsets_now+0x393/0x3b0
[   58.723250][    C0]  hrtimer_interrupt+0x403/0xa40
[   58.725236][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[   58.727570][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   58.729752][    C0]  </IRQ>
[   58.730897][    C0]  <TASK>
[   58.731989][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   58.734308][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[   58.736821][    C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 3e f4 3a f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 53 a7 a2 f5 65 8b 05 f4 0a 39 74 85 c0 74 43 48 c7 04 24 0e 36
[   58.744541][    C0] RSP: 0018:ffffc9000d537c60 EFLAGS: 00000206
[   58.746869][    C0] RAX: 7d797fed4b189400 RBX: 1ffff92001aa6f90 RCX: ffffffff9a3a8903
[   58.749868][    C0] RDX: dffffc0000000000 RSI: ffffffff8c0a9760 RDI: 0000000000000001
[   58.752820][    C0] RBP: ffffc9000d537cf0 R08: ffffffff90196577 R09: 1ffffffff2032cae
[   58.755618][    C0] R10: dffffc0000000000 R11: fffffbfff2032caf R12: dffffc0000000000
[   58.758449][    C0] R13: 1ffff92001aa6f8c R14: ffffc9000d537c80 R15: 0000000000000246
[   58.761300][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   58.763706][    C0]  do_timer_settime+0x37f/0x3e0
[   58.765542][    C0]  ? __pfx_do_timer_settime+0x10/0x10
[   58.767580][    C0]  ? rcu_is_watching+0x15/0xb0
[   58.769424][    C0]  __x64_sys_timer_settime+0x19e/0x240
[   58.771394][    C0]  ? __pfx___x64_sys_timer_settime+0x10/0x10
[   58.773494][    C0]  ? do_syscall_64+0x100/0x230
[   58.775193][    C0]  ? do_syscall_64+0xb6/0x230
[   58.776857][    C0]  do_syscall_64+0xf3/0x230
[   58.778530][    C0]  ? clear_bhb_loop+0x35/0x90
[   58.780131][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.782046][    C0] RIP: 0033:0x7fe89f185d19
[   58.783717][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.790800][    C0] RSP: 002b:00007fe8a0069038 EFLAGS: 00000246 ORIG_RAX: 00000000000000df
[   58.793751][    C0] RAX: ffffffffffffffda RBX: 00007fe89f376080 RCX: 00007fe89f185d19
[   58.796739][    C0] RDX: 0000000020040fe0 RSI: 0000000000000000 RDI: 0000000000000000
[   58.799736][    C0] RBP: 00007fe89f201a20 R08: 0000000000000000 R09: 0000000000000000
[   58.802806][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   58.805669][    C0] R13: 0000000000000000 R14: 00007fe89f376080 R15: 00007ffe23b32458
[   58.808630][    C0]  </TASK>
[   58.809823][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   58.812524][    C0] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[   58.816042][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   58.820119][    C0] Call Trace:
[   58.821469][    C0]  <IRQ>
[   58.822646][    C0]  dump_stack_lvl+0x241/0x360
[   58.824534][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.826584][    C0]  ? __pfx__printk+0x10/0x10
[   58.828454][    C0]  ? _printk+0xd5/0x120
[   58.830123][    C0]  ? __init_begin+0x41000/0x41000
[   58.832070][    C0]  ? vscnprintf+0x5d/0x90
[   58.833709][    C0]  panic+0x349/0x880
[   58.835192][    C0]  ? __warn+0x174/0x4d0
[   58.836771][    C0]  ? __pfx_panic+0x10/0x10
[   58.838480][    C0]  __warn+0x344/0x4d0
[   58.839978][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   58.842216][    C0]  report_bug+0x2b3/0x500
[   58.843794][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   58.845885][    C0]  handle_bug+0x60/0x90
[   58.847483][    C0]  exc_invalid_op+0x1a/0x50
[   58.849269][    C0]  asm_exc_invalid_op+0x1a/0x20
[   58.851193][    C0] RIP: 0010:posixtimer_send_sigqueue+0xa08/0xce0
[   58.853593][    C0] Code: 00 0f 85 f4 02 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 73 1a 3b 00 4c 8b 64 24 08 e9 28 ff ff ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 f7
[   58.860845][    C0] RSP: 0018:ffffc90000007c00 EFLAGS: 00010082
[   58.863347][    C0] RAX: dffffc0000000000 RBX: 1ffff11008708203 RCX: ffff888000bb2440
[   58.866425][    C0] RDX: 0000000000010000 RSI: 0000000000020000 RDI: 0000000000000000
[   58.869342][    C0] RBP: ffffc90000007cf8 R08: ffffffff816450d0 R09: 1ffff11003df15c8
[   58.872421][    C0] R10: dffffc0000000000 R11: ffffed1003df15c9 R12: ffff888043841000
[   58.875410][    C0] R13: 1ffff11008708210 R14: ffff888043841018 R15: ffff8880438410c0
[   58.878183][    C0]  ? prepare_signal+0x6c0/0xc90
[   58.879897][    C0]  ? posixtimer_send_sigqueue+0xd3/0xce0
[   58.881977][    C0]  ? __pfx_posixtimer_send_sigqueue+0x10/0x10
[   58.884265][    C0]  posix_timer_fn+0xe2/0x160
[   58.886042][    C0]  ? __pfx_posix_timer_fn+0x10/0x10
[   58.888032][    C0]  __hrtimer_run_queues+0x59b/0xd30
[   58.890065][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   58.892184][    C0]  ? kvm_clock_get_cycles+0x52/0x70
[   58.894177][    C0]  ? ktime_get_update_offsets_now+0x393/0x3b0
[   58.896424][    C0]  hrtimer_interrupt+0x403/0xa40
[   58.898274][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[   58.900568][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   58.902732][    C0]  </IRQ>
[   58.903904][    C0]  <TASK>
[   58.905059][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   58.907374][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[   58.909740][    C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 3e f4 3a f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 53 a7 a2 f5 65 8b 05 f4 0a 39 74 85 c0 74 43 48 c7 04 24 0e 36
[   58.916937][    C0] RSP: 0018:ffffc9000d537c60 EFLAGS: 00000206
[   58.919168][    C0] RAX: 7d797fed4b189400 RBX: 1ffff92001aa6f90 RCX: ffffffff9a3a8903
[   58.922190][    C0] RDX: dffffc0000000000 RSI: ffffffff8c0a9760 RDI: 0000000000000001
[   58.925147][    C0] RBP: ffffc9000d537cf0 R08: ffffffff90196577 R09: 1ffffffff2032cae
[   58.928062][    C0] R10: dffffc0000000000 R11: fffffbfff2032caf R12: dffffc0000000000
[   58.930881][    C0] R13: 1ffff92001aa6f8c R14: ffffc9000d537c80 R15: 0000000000000246
[   58.933728][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   58.936045][    C0]  do_timer_settime+0x37f/0x3e0
[   58.937853][    C0]  ? __pfx_do_timer_settime+0x10/0x10
[   58.939885][    C0]  ? rcu_is_watching+0x15/0xb0
[   58.941682][    C0]  __x64_sys_timer_settime+0x19e/0x240
[   58.943728][    C0]  ? __pfx___x64_sys_timer_settime+0x10/0x10
[   58.946087][    C0]  ? do_syscall_64+0x100/0x230
[   58.947997][    C0]  ? do_syscall_64+0xb6/0x230
[   58.949777][    C0]  do_syscall_64+0xf3/0x230
[   58.951480][    C0]  ? clear_bhb_loop+0x35/0x90
[   58.953275][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.955862][    C0] RIP: 0033:0x7fe89f185d19
[   58.957675][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.965087][    C0] RSP: 002b:00007fe8a0069038 EFLAGS: 00000246 ORIG_RAX: 00000000000000df
[   58.968375][    C0] RAX: ffffffffffffffda RBX: 00007fe89f376080 RCX: 00007fe89f185d19
[   58.971415][    C0] RDX: 0000000020040fe0 RSI: 0000000000000000 RDI: 0000000000000000
[   58.974344][    C0] RBP: 00007fe89f201a20 R08: 0000000000000000 R09: 0000000000000000
[   58.977318][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   58.980267][    C0] R13: 0000000000000000 R14: 00007fe89f376080 R15: 00007ffe23b32458
[   58.983242][    C0]  </TASK>
[   58.984914][    C0] Kernel Offset: disabled
[   58.986725][    C0] Rebooting in 86400 seconds..