program:
# Fuzzer-generated syzkaller reproducer. The console log that follows it on this page ends in a
# WARNING in inet_sock_destruct, escalated to a panic because panic_on_warn is set.
# Call order, the (async)/(rerun) annotations and the raw constants are all part of the
# reproduction, so every call is kept exactly as generated; only comments are added.
# Constants are decoded from Linux UAPI values. The "$variant" suffix names the syzkaller
# description the fuzzer picked, which does not always match the arguments actually passed.

# r0: family 0x1d (AF_CAN), type 0x2 (SOCK_DGRAM), protocol 0x6 -- presumably CAN_ISOTP; confirm.
# r0 is the lowest descriptor the program creates and is the start of the close_range() at the end.
r0 = socket(0x1d, 0x2, 0x6)
# vsock-typed bind on r0: the address starts with 0x28 (AF_VSOCK) although r0 was created with
# family 0x1d. NOTE(review): looks like fuzzer noise that the kernel rejects -- verify.
bind$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0xffffffff}, 0x10) (async)
# r1: AF_NETLINK (0x10), SOCK_RAW (0x3), protocol 0xc (NETLINK_NETFILTER); closed right away.
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
# r2: IPv6 TCP socket put into LISTEN with backlog 0; it is the socket inserted into the map below.
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
# bpf cmd 0x5 (BPF_PROG_LOAD). The first attr field, 0x10, is the program type: 16 is
# BPF_PROG_TYPE_SK_MSG in the UAPI enum, despite the RAW_TRACEPOINT variant name. 4 instructions,
# 'GPL' license. The blob decodes as: 64-bit immediate load into r2, call helper id 0x3e, exit.
# NOTE(review): helper id 0x3e is not resolved here -- check it against the bpf helper list.
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
# bpf cmd 0x0 (BPF_MAP_CREATE): map type 0x12 (18, BPF_MAP_TYPE_SOCKHASH), key size 4,
# value size 8, max_entries 0xb.
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
# The command number is 0x8, which is BPF_PROG_ATTACH (BPF_PROG_DETACH is 9), so despite the
# variant name this attaches: target fd r4 (the sockhash), program fd r3, attach type 7 ('\a'),
# BPF_SK_MSG_VERDICT in the UAPI enum. It only has an effect if the async load of r3 succeeded.
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000600)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='\a'], 0x10) (async)
# r5: IPv4 TCP socket. SOL_SOCKET (0x1) option 0x3c (60, SO_ZEROCOPY) is set to 1; the option
# length 0xfff0 is far larger than the int being passed.
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
# TCP_REPAIR (level 0x6, option 0x13) is switched on, then r5 is connected to loopback port 0.
# In repair mode connect() is expected to mark the socket established without a handshake --
# TODO confirm for this kernel. Both calls are repeated (rerun: 32) and the first is async.
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) (async, rerun: 32)
connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) (rerun: 32)
# TCP_REPAIR written again with all bits set: as a 4-byte int that is -1 (TCP_REPAIR_OFF_NO_WP).
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) (async)
# 0x46b bytes written to r5 from a buffer the program never fills (ANY=[]).
write$binfmt_elf32(r5, &(0x7f00000014c0)=ANY=[], 0x46b)
# Four messages assembled from 1-byte iovecs. The flags word 0x4048841 has bit 0x4000000
# (MSG_ZEROCOPY) set, pairing with the SO_ZEROCOPY option enabled on r5 above. The second
# message declares an iovec count of 0xa6 although only five entries are listed.
sendmmsg$inet(r5, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) (async)
# bpf cmd 0x2 (BPF_MAP_UPDATE_ELEM): stores the listening socket r2 as a value in sockhash r4.
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r4, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r2}, 0x20)
# Netlink request on r1, which the program already closed above; NOTE(review): likely fails with
# a bad descriptor unless the number was reused by a later socket -- verify.
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x0) (async)
# Level 0x6 (TCP) option 0x7 applied to r0, which was not created as a TCP socket.
setsockopt$inet_tcp_int(r0, 0x6, 0x7, &(0x7f0000000100)=0x61ba, 0x4)
# Closes every descriptor from r0 up to the maximum, which covers r2, r3, r4 and r5. The log's
# user-space frame shows syscall number 0x1b4 with RDI=3 and RSI=-1, consistent with this call;
# the WARNING fires in the socket release that follows (sock_close -> inet_release ->
# __sk_destruct), shortly after the log reports "TCP: out of memory". Which check sits at
# af_inet.c:156 cannot be told from this page; look it up in the tree named in the log.
close_range(r0, 0xffffffffffffffff, 0x0)
[ 87.204537][ T45] Bluetooth: hci0: command tx timeout
[ 87.432867][ T5331] TCP: out of memory -- consider tuning tcp_mem
[ 87.461076][ T5331] ------------[ cut here ]------------
[ 87.463694][ T5331] WARNING: CPU: 0 PID: 5331 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x623/0x730
[ 87.468155][ T5331] Modules linked in:
[ 87.470092][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full)
[ 87.476302][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.480866][ T5331] RIP: 0010:inet_sock_destruct+0x623/0x730
[ 87.483586][ T5331] Code: 0f 0b 90 e9 62 fe ff ff e8 da d2 d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 cc d2 d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 be d2 d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[ 87.493825][ T5331] RSP: 0018:ffffc9000d32fc58 EFLAGS: 00010293
[ 87.496907][ T5331] RAX: ffffffff89ee8c32 RBX: dffffc0000000000 RCX: ffff888000380000
[ 87.500043][ T5331] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 87.503765][ T5331] RBP: 0000000080000000 R08: ffff88804338c25f R09: 1ffff1100867184b
[ 87.507733][ T5331] R10: dffffc0000000000 R11: ffffed100867184c R12: ffff88804338bfc0
[ 87.511442][ T5331] R13: dffffc0000000000 R14: ffff88804338c244 R15: 1ffff110086717fa
[ 87.515757][ T5331] FS: 00007f03cc77b6c0(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000
[ 87.520262][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.523232][ T5331] CR2: 000055d285a95660 CR3: 0000000043e8c000 CR4: 0000000000352ef0
[ 87.526887][ T5331] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 87.531725][ T5331] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 87.536188][ T5331] Call Trace:
[ 87.537756][ T5331]
[ 87.539083][ T5331] ? netlink_has_listeners+0x339/0x3f0
[ 87.541586][ T5331] ? __pfx_inet_sock_destruct+0x10/0x10
[ 87.544121][ T5331] __sk_destruct+0x86/0x660
[ 87.546900][ T5331] inet_release+0x187/0x210
[ 87.549356][ T5331] sock_close+0xc0/0x240
[ 87.551646][ T5331] ? __pfx_sock_close+0x10/0x10
[ 87.554168][ T5331] __fput+0x44c/0xa70
[ 87.556266][ T5331] task_work_run+0x1d1/0x260
[ 87.558264][ T5331] ? __pfx_task_work_run+0x10/0x10
[ 87.560563][ T5331] ? exit_to_user_mode_loop+0x40/0x110
[ 87.563134][ T5331] exit_to_user_mode_loop+0xec/0x110
[ 87.565897][ T5331] do_syscall_64+0x2bd/0x3b0
[ 87.569701][ T5331] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.572268][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.575054][ T5331] ? clear_bhb_loop+0x60/0xb0
[ 87.577425][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.580310][ T5331] RIP: 0033:0x7f03cb98e929
[ 87.582718][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.592157][ T5331] RSP: 002b:00007f03cc77b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 87.596888][ T5331] RAX: 0000000000000000 RBX: 00007f03cbbb5fa0 RCX: 00007f03cb98e929
[ 87.600533][ T5331] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[ 87.604002][ T5331] RBP: 00007f03cba10b39 R08: 0000000000000000 R09: 0000000000000000
[ 87.608233][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.612063][ T5331] R13: 0000000000000000 R14: 00007f03cbbb5fa0 R15: 00007ffe8d28d148
[ 87.615744][ T5331]
[ 87.617736][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 87.621644][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full)
[ 87.626853][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.631942][ T5331] Call Trace:
[ 87.633918][ T5331]
[ 87.635395][ T5331] dump_stack_lvl+0x99/0x250
[ 87.637504][ T5331] ? __asan_memcpy+0x40/0x70
[ 87.639640][ T5331] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.642065][ T5331] ? __pfx__printk+0x10/0x10
[ 87.644588][ T5331] panic+0x2db/0x790
[ 87.646979][ T5331] ? __pfx_panic+0x10/0x10
[ 87.649193][ T5331] __warn+0x31b/0x4b0
[ 87.651011][ T5331] ? inet_sock_destruct+0x623/0x730
[ 87.653488][ T5331] ? inet_sock_destruct+0x623/0x730
[ 87.655809][ T5331] report_bug+0x2be/0x4f0
[ 87.657930][ T5331] ? inet_sock_destruct+0x623/0x730
[ 87.660479][ T5331] ? inet_sock_destruct+0x623/0x730
[ 87.662934][ T5331] ? inet_sock_destruct+0x625/0x730
[ 87.665543][ T5331] handle_bug+0x84/0x160
[ 87.667601][ T5331] exc_invalid_op+0x1a/0x50
[ 87.669735][ T5331] asm_exc_invalid_op+0x1a/0x20
[ 87.672002][ T5331] RIP: 0010:inet_sock_destruct+0x623/0x730
[ 87.674805][ T5331] Code: 0f 0b 90 e9 62 fe ff ff e8 da d2 d1 f7 90 0f 0b 90 e9 95 fe ff ff e8 cc d2 d1 f7 90 0f 0b 90 e9 bb fe ff ff e8 be d2 d1 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc
[ 87.683574][ T5331] RSP: 0018:ffffc9000d32fc58 EFLAGS: 00010293
[ 87.686431][ T5331] RAX: ffffffff89ee8c32 RBX: dffffc0000000000 RCX: ffff888000380000
[ 87.690326][ T5331] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 87.694093][ T5331] RBP: 0000000080000000 R08: ffff88804338c25f R09: 1ffff1100867184b
[ 87.697666][ T5331] R10: dffffc0000000000 R11: ffffed100867184c R12: ffff88804338bfc0
[ 87.701263][ T5331] R13: dffffc0000000000 R14: ffff88804338c244 R15: 1ffff110086717fa
[ 87.705350][ T5331] ? inet_sock_destruct+0x622/0x730
[ 87.707659][ T5331] ? inet_sock_destruct+0x622/0x730
[ 87.709882][ T5331] ? netlink_has_listeners+0x339/0x3f0
[ 87.712576][ T5331] ? __pfx_inet_sock_destruct+0x10/0x10
[ 87.715650][ T5331] __sk_destruct+0x86/0x660
[ 87.718200][ T5331] inet_release+0x187/0x210
[ 87.720560][ T5331] sock_close+0xc0/0x240
[ 87.722542][ T5331] ? __pfx_sock_close+0x10/0x10
[ 87.725018][ T5331] __fput+0x44c/0xa70
[ 87.726720][ T5331] task_work_run+0x1d1/0x260
[ 87.728801][ T5331] ? __pfx_task_work_run+0x10/0x10
[ 87.731233][ T5331] ? exit_to_user_mode_loop+0x40/0x110
[ 87.734101][ T5331] exit_to_user_mode_loop+0xec/0x110
[ 87.736729][ T5331] do_syscall_64+0x2bd/0x3b0
[ 87.738755][ T5331] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.741093][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.744029][ T5331] ? clear_bhb_loop+0x60/0xb0
[ 87.746517][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.749588][ T5331] RIP: 0033:0x7f03cb98e929
[ 87.751666][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.760786][ T5331] RSP: 002b:00007f03cc77b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 87.764376][ T5331] RAX: 0000000000000000 RBX: 00007f03cbbb5fa0 RCX: 00007f03cb98e929
[ 87.767846][ T5331] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[ 87.771538][ T5331] RBP: 00007f03cba10b39 R08: 0000000000000000 R09: 0000000000000000
[ 87.775746][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.779287][ T5331] R13: 0000000000000000 R14: 00007f03cbbb5fa0 R15: 00007ffe8d28d148
[ 87.782961][ T5331]
[ 87.785930][ T5331] Kernel Offset: disabled
[ 87.788281][ T5331] Rebooting in 86400 seconds..