program: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x80414, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x800000007ffffffe}, 0x0, 0x2, 0xffffffff, 0x4, 0x5, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x9) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = gettid() tkill(r3, 0x13) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000680)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x4}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000600)={[{@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@uni_xlate}, {@fat=@flush}, {@iocharset={'iocharset', 0x3d, 'iso8859-7'}}, {@utf8no}, {@uni_xlate}, {@uni_xlate}, {@utf8no}, {@utf8no}]}, 0x1, 0x23f, &(0x7f00000002c0)="$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") renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) r4 = creat(&(0x7f0000000240)='./file0\x00', 0x60) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f00000007c0)={0x0, 0x0, 0x1000000, 0x8}) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) 
set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00'}) (async) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x80414, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x800000007ffffffe}, 0x0, 0x2, 0xffffffff, 0x4, 0x5, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x9) (async) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12}, &(0x7f00009b1ffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) gettid() (async) tkill(r3, 0x13) (async) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000680)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x4}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0) (async) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000600)={[{@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@uni_xlate}, {@fat=@flush}, {@iocharset={'iocharset', 0x3d, 'iso8859-7'}}, {@utf8no}, {@uni_xlate}, {@uni_xlate}, {@utf8no}, {@utf8no}]}, 0x1, 0x23f, &(0x7f00000002c0)="$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") (async) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) (async) creat(&(0x7f0000000240)='./file0\x00', 0x60) (async) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f00000007c0)={0x0, 0x0, 0x1000000, 
0x8}) (async) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) (async) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x0) (async) [ 75.655208][ T4661] Bluetooth: hci0: command tx timeout [ 75.786531][ T5320] loop0: detected capacity change from 0 to 128 [ 75.850990][ C0] ------------[ cut here ]------------ [ 75.853297][ C0] WARNING: CPU: 0 PID: 0 at kernel/signal.c:2050 posixtimer_send_sigqueue+0xa08/0xce0 [ 75.856993][ C0] Modules linked in: [ 75.858523][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 75.862461][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.866505][ C0] RIP: 0010:posixtimer_send_sigqueue+0xa08/0xce0 [ 75.869015][ C0] Code: 00 0f 85 f4 02 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 73 1a 3b 00 4c 8b 64 24 08 e9 28 ff ff ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 f7 [ 75.876059][ C0] RSP: 0018:ffffc90000007c00 EFLAGS: 00010082 [ 75.878369][ C0] RAX: dffffc0000000000 RBX: 1ffff11008b29203 RCX: ffffffff8e6965c0 [ 75.881347][ C0] RDX: 0000000000010000 RSI: 0000000000020000 RDI: 0000000000000000 [ 75.884458][ C0] RBP: ffffc90000007cf8 R08: ffffffff816450d0 R09: 1ffff110001c9a50 [ 75.887348][ C0] R10: dffffc0000000000 R11: ffffed10001c9a51 R12: ffff888045949000 [ 75.890371][ C0] R13: 1ffff11008b29210 R14: ffff888045949018 R15: ffff8880459490c0 [ 75.893414][ C0] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 75.896568][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.899074][ C0] CR2: 000055fcc35eb360 CR3: 0000000034802000 CR4: 0000000000352ef0 [ 75.902128][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.905086][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.907975][ C0] Call Trace: [ 75.909207][ C0] <IRQ> [ 75.910242][ C0] ? 
__warn+0x165/0x4d0 [ 75.911838][ C0] ? posixtimer_send_sigqueue+0xa08/0xce0 [ 75.914014][ C0] ? report_bug+0x2b3/0x500 [ 75.915790][ C0] ? posixtimer_send_sigqueue+0xa08/0xce0 [ 75.917871][ C0] ? handle_bug+0x60/0x90 [ 75.919565][ C0] ? exc_invalid_op+0x1a/0x50 [ 75.921285][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 75.923191][ C0] ? prepare_signal+0x6c0/0xc90 [ 75.925082][ C0] ? posixtimer_send_sigqueue+0xa08/0xce0 [ 75.927353][ C0] ? posixtimer_send_sigqueue+0xd3/0xce0 [ 75.929572][ C0] ? __pfx_posixtimer_send_sigqueue+0x10/0x10 [ 75.931736][ C0] posix_timer_fn+0xe2/0x160 [ 75.933426][ C0] ? __pfx_posix_timer_fn+0x10/0x10 [ 75.935275][ C0] __hrtimer_run_queues+0x59b/0xd30 [ 75.936972][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 75.939136][ C0] ? kvm_clock_get_cycles+0x52/0x70 [ 75.941030][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 75.943346][ C0] hrtimer_interrupt+0x403/0xa40 [ 75.945217][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 75.947570][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 75.949744][ C0] </IRQ> [ 75.950891][ C0] <TASK> [ 75.952074][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 75.954326][ C0] RIP: 0010:default_idle+0x13/0x20 [ 75.956198][ C0] Code: 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 4b 3d 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 [ 75.964075][ C0] RSP: 0018:ffffffff8e607d68 EFLAGS: 000002c2 [ 75.966442][ C0] RAX: f1f939b7247afc00 RBX: ffffffff817431ec RCX: 000000000000a381 [ 75.969233][ C0] RDX: 0000000000000001 RSI: ffffffff8c0a9760 RDI: ffffffff8c5f9780 [ 75.972099][ C0] RBP: ffffffff8e607eb8 R08: ffff88801fc37cdb R09: 1ffff11003f86f9b [ 75.974941][ C0] R10: dffffc0000000000 R11: ffffed1003f86f9c R12: 1ffffffff1cc0fc6 [ 75.977822][ C0] R13: 1ffffffff1cd2cb8 R14: 0000000000000000 R15: dffffc0000000000 [ 75.980816][ C0] ? do_idle+0x22c/0x5c0 [ 75.982433][ C0] default_idle_call+0x74/0xb0 [ 75.984223][ C0] do_idle+0x22c/0x5c0 [ 75.985703][ C0] ? 
__pfx___schedule+0x10/0x10 [ 75.987505][ C0] ? __pfx_do_idle+0x10/0x10 [ 75.989267][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 75.991828][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.994498][ C0] ? rest_init+0x31/0x300 [ 75.996143][ C0] ? rest_init+0x31/0x300 [ 75.997713][ C0] cpu_startup_entry+0x42/0x60 [ 75.999572][ C0] rest_init+0x2dc/0x300 [ 76.001407][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 76.003483][ C0] start_kernel+0x47f/0x500 [ 76.005187][ C0] x86_64_start_reservations+0x2a/0x30 [ 76.007208][ C0] x86_64_start_kernel+0x9f/0xa0 [ 76.008972][ C0] common_startup_64+0x13e/0x147 [ 76.010798][ C0] </TASK> [ 76.012019][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.014946][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 76.018639][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.022840][ C0] Call Trace: [ 76.024088][ C0] <IRQ> [ 76.025154][ C0] dump_stack_lvl+0x241/0x360 [ 76.027067][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.029493][ C0] ? __pfx__printk+0x10/0x10 [ 76.031243][ C0] ? _printk+0xd5/0x120 [ 76.032820][ C0] ? __init_begin+0x41000/0x41000 [ 76.034748][ C0] ? vscnprintf+0x5d/0x90 [ 76.036345][ C0] panic+0x349/0x880 [ 76.037819][ C0] ? __warn+0x174/0x4d0 [ 76.039403][ C0] ? __pfx_panic+0x10/0x10 [ 76.041072][ C0] ? common_startup_64+0x13e/0x147 [ 76.043049][ C0] __warn+0x344/0x4d0 [ 76.044462][ C0] ? posixtimer_send_sigqueue+0xa08/0xce0 [ 76.046578][ C0] report_bug+0x2b3/0x500 [ 76.048193][ C0] ? 
posixtimer_send_sigqueue+0xa08/0xce0 [ 76.050415][ C0] handle_bug+0x60/0x90 [ 76.052010][ C0] exc_invalid_op+0x1a/0x50 [ 76.053708][ C0] asm_exc_invalid_op+0x1a/0x20 [ 76.055592][ C0] RIP: 0010:posixtimer_send_sigqueue+0xa08/0xce0 [ 76.057943][ C0] Code: 00 0f 85 f4 02 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 73 1a 3b 00 4c 8b 64 24 08 e9 28 ff ff ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 f7 [ 76.065096][ C0] RSP: 0018:ffffc90000007c00 EFLAGS: 00010082 [ 76.067329][ C0] RAX: dffffc0000000000 RBX: 1ffff11008b29203 RCX: ffffffff8e6965c0 [ 76.070255][ C0] RDX: 0000000000010000 RSI: 0000000000020000 RDI: 0000000000000000 [ 76.073072][ C0] RBP: ffffc90000007cf8 R08: ffffffff816450d0 R09: 1ffff110001c9a50 [ 76.075994][ C0] R10: dffffc0000000000 R11: ffffed10001c9a51 R12: ffff888045949000 [ 76.078974][ C0] R13: 1ffff11008b29210 R14: ffff888045949018 R15: ffff8880459490c0 [ 76.081755][ C0] ? prepare_signal+0x6c0/0xc90 [ 76.083709][ C0] ? posixtimer_send_sigqueue+0xd3/0xce0 [ 76.085808][ C0] ? __pfx_posixtimer_send_sigqueue+0x10/0x10 [ 76.087971][ C0] posix_timer_fn+0xe2/0x160 [ 76.089744][ C0] ? __pfx_posix_timer_fn+0x10/0x10 [ 76.091620][ C0] __hrtimer_run_queues+0x59b/0xd30 [ 76.093407][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 76.095419][ C0] ? kvm_clock_get_cycles+0x52/0x70 [ 76.097349][ C0] ? 
ktime_get_update_offsets_now+0x393/0x3b0 [ 76.099641][ C0] hrtimer_interrupt+0x403/0xa40 [ 76.101497][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 76.103719][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 76.105747][ C0] </IRQ> [ 76.106858][ C0] <TASK> [ 76.107988][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.110221][ C0] RIP: 0010:default_idle+0x13/0x20 [ 76.112173][ C0] Code: 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 4b 3d 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 [ 76.119283][ C0] RSP: 0018:ffffffff8e607d68 EFLAGS: 000002c2 [ 76.121462][ C0] RAX: f1f939b7247afc00 RBX: ffffffff817431ec RCX: 000000000000a381 [ 76.124143][ C0] RDX: 0000000000000001 RSI: ffffffff8c0a9760 RDI: ffffffff8c5f9780 [ 76.127076][ C0] RBP: ffffffff8e607eb8 R08: ffff88801fc37cdb R09: 1ffff11003f86f9b [ 76.130209][ C0] R10: dffffc0000000000 R11: ffffed1003f86f9c R12: 1ffffffff1cc0fc6 [ 76.133190][ C0] R13: 1ffffffff1cd2cb8 R14: 0000000000000000 R15: dffffc0000000000 [ 76.135853][ C0] ? do_idle+0x22c/0x5c0 [ 76.137453][ C0] default_idle_call+0x74/0xb0 [ 76.139235][ C0] do_idle+0x22c/0x5c0 [ 76.140735][ C0] ? __pfx___schedule+0x10/0x10 [ 76.142572][ C0] ? __pfx_do_idle+0x10/0x10 [ 76.144296][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 76.146447][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.148746][ C0] ? rest_init+0x31/0x300 [ 76.150382][ C0] ? rest_init+0x31/0x300 [ 76.151992][ C0] cpu_startup_entry+0x42/0x60 [ 76.153759][ C0] rest_init+0x2dc/0x300 [ 76.155375][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 76.157468][ C0] start_kernel+0x47f/0x500 [ 76.159187][ C0] x86_64_start_reservations+0x2a/0x30 [ 76.161254][ C0] x86_64_start_kernel+0x9f/0xa0 [ 76.163129][ C0] common_startup_64+0x13e/0x147 [ 76.165011][ C0] </TASK> [ 76.166462][ C0] Kernel Offset: disabled [ 76.168193][ C0] Rebooting in 86400 seconds..