program: r0 = socket(0x1e, 0x4, 0x0) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x2000}, 0x4) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x2000040, &(0x7f0000000180)={[{@errors_remount}, {@nodiscard}, {@noquota}, {@init_itable}, {@dax_never}, {@resgid}, {@sysvgroups}, {@delalloc}, {@usrquota}]}, 0x10, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf+VrUvVQC7bFVtKi3U0a2wYPtYLYU8Fa7zUmmxCyyYbspm1CkRTvCiIqePLkRfAPEKR/gggFvUsVRbTVgwd1ZWdnaxt3m0i3OzX5fGA67zvv7j7P27Az88687ARwaJ2LiJsRMRIRlyJiPN+e5sutdvudzutePH80316SaLXu/jmJJN/W/awkX5+IiJ2IOBoRX70V8Y3kv+M2trZX5mq16kZerzRX1yuNre3Ly6tzS9Wl6trMzPS12euzV2enBtLPiYi48aXff/87P/nyjV989sFv7/3x4jfbaY3l7a/2Y5A6XS9l/xddoxGx8S6CFWAkX5f6tH97ZIjJAACwp/Y5/kcj4lPZ+f94jGRnpwAAAMBB0vrCWPwjiWgBAAAAB1aazYFN0nI+F2As0rRc7szh/XgcT2v1RvMzi/XNtYXOXNmJKKWLy7XqVD5XeCJKSbs+nc+x7dav7KrPRMTJiPje+LGsXp6v1xaKvvgBAAAAh8SJXeP/v41n4/8jRecFAAAADNhE0QkAAAAA75zxPwAAABx8xv8AAABwoH3l9u320uo+/3rh/tbmSv3+5YVqY6W8ujlfnq9vrJeX6vWl7Df7Vvf6vFq9vv65WNt8WGlWG81KY2v73mp9c615b/m1R2ADAAAAQ3Ty7JPfJBGx8/lj2dL2QdFJAUOR7NGePSTkWV753RASAoZmpOgEgMKMFp0AUJhS0QkAhdvrOkDfyTu/HHwuAADAuzH5if73/10bgIMtLToBAGDo3P+Hw6v0+gzAq8VlAhTlI3u0v/39/1brf0oIAAAYuLFsSdJyfi9wLNK0XI74MHssQClZXK5Vp/Lxwa/HS0fa9ensncmec4YBAAAAAAAAAAAAAAAAAAAAAAAAgI5WK4kWAAAAcKBFpH9Isl/zj5gcvzC2+/rAB8nfx7N1RDz40d0fPJxrNjem29v/8nJ784f59itFXMEAAAAAduuO07vjeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpBfPH813l2HG/dMXI2KiZ/yzR7PV0ShFxPG/JjH6yvuSiBgZQPydxxFxqlf8pJ1WTEQni17xjxUYP42IEwOID4fZk/b+52av718a57J17+/faL68rf77vzS6+7+RPvufD/cZ4/TTn1X6xn8ccXq09/6nGz/pE//8PuN//Wvb2/3aWj+OmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMb77yZ//6039P94n/sQe/b+wz/7/8+nD5x/rFEu94l883/v4e6pP/DQ/9n06L7fbJ7vlnU75VWd++qszb+r/Qp/+v/z79zjQtmNe3Gf/L9351rN9vhQAGILG1vbKXK1W3fh/LKTxXqShMJDCkfcjDYVOoeg9EwAAMGj/OekvOhMAAAAAAAAAAAAAAAAAAAA4vIbxc2K7Y+4U01UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf6dwAAAP//sf7Zeg==") syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040e0c00031000"], 0xf) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000340)="0b000000010001", 0x7) syz_emit_vhci(&(0x7f0000000980)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc9, 0x82}}}, 0x7) sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x60, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x1c) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) creat(&(0x7f0000000100)='./file0\x00', 0x1c) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r7, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r8 = dup(r7) write$FUSE_BMAP(r8, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18) write$FUSE_DIRENTPLUS(r8, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) write$FUSE_DIRENTPLUS(r8, &(0x7f0000000180)=ANY=[@ANYRES64=r8], 0x10) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@posixacl}]}}) r9 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000180), r5) sendmsg$NET_DM_CMD_START(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r9, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x4000) [ 85.529867][ T45] Bluetooth: hci0: command tx timeout [ 85.571455][ T5369] loop0: detected capacity change from 0 to 512 [ 85.596237][ T5369] ======================================================= [ 85.596237][ T5369] WARNING: The mand mount option has been deprecated and [ 85.596237][ T5369] and is ignored by this kernel. Remove the mand [ 85.596237][ T5369] option from the mount to silence this warning. [ 85.596237][ T5369] ======================================================= [ 85.639668][ T5369] EXT4-fs (loop0): blocks per group (71) and clusters per group (20800) inconsistent [ 85.676047][ T5369] Bluetooth: MGMT ver 1.23 [ 85.774669][ T5370] ------------[ cut here ]------------ [ 85.777070][ T5370] WARNING: CPU: 0 PID: 5370 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.781225][ T5370] Modules linked in: [ 85.783514][ T5370] CPU: 0 UID: 0 PID: 5370 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.787252][ T5370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.791423][ T5370] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.794548][ T5370] Code: 74 10 4c 89 e7 89 54 24 0c e8 14 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ac 06 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.802504][ T5370] RSP: 0018:ffffc9000d4178c0 EFLAGS: 00010246 [ 85.804985][ T5370] RAX: ffffc9000d417900 RBX: 0000000000000032 RCX: 0000000000000000 [ 85.808005][ T5370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d417928 [ 85.811380][ T5370] RBP: ffffc9000d4179c0 R08: ffffc9000d417927 R09: 0000000000000000 [ 85.814942][ T5370] R10: ffffc9000d417900 R11: fffff52001a82f25 R12: 0000000000000000 [ 85.818393][ T5370] R13: 1ffff92001a82f1c R14: 0000000000040d40 R15: dffffc0000000000 [ 85.821724][ T5370] FS: 00007fa65b2d86c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 85.825593][ T5370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.828365][ T5370] CR2: 0000200000002100 CR3: 00000000426ae000 CR4: 0000000000352ef0 [ 85.832026][ T5370] Call Trace: [ 85.833735][ T5370] [ 85.834988][ T5370] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.837667][ T5370] ? kfree+0x18e/0x440 [ 85.839370][ T5370] ? policy_nodemask+0x27c/0x720 [ 85.841332][ T5370] ? p9_client_clunk+0x1b6/0x250 [ 85.843498][ T5370] alloc_pages_mpol+0x232/0x4a0 [ 85.845654][ T5370] ___kmalloc_large_node+0x5f/0x1b0 [ 85.847841][ T5370] __kmalloc_large_node_noprof+0x18/0x90 [ 85.850319][ T5370] __kmalloc_noprof+0x36f/0x4f0 [ 85.852278][ T5370] ? v9fs_fid_get_acl+0x4f/0x100 [ 85.854638][ T5370] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 85.857044][ T5370] v9fs_fid_get_acl+0x4f/0x100 [ 85.859145][ T5370] v9fs_get_acl+0x9a/0x360 [ 85.861136][ T5370] v9fs_inode_from_fid_dotl+0x221/0x2b0 [ 85.863652][ T5370] v9fs_mount+0x6eb/0xa50 [ 85.865616][ T5370] ? __pfx_v9fs_mount+0x10/0x10 [ 85.868017][ T5370] legacy_get_tree+0xfd/0x1a0 [ 85.869930][ T5370] ? __pfx_v9fs_mount+0x10/0x10 [ 85.871848][ T5370] vfs_get_tree+0x8f/0x2b0 [ 85.874161][ T5370] do_new_mount+0x2a2/0x9e0 [ 85.876172][ T5370] ? ns_capable+0x8a/0xf0 [ 85.877959][ T5370] ? __pfx_do_new_mount+0x10/0x10 [ 85.880077][ T5370] ? path_mount+0x61c/0xfe0 [ 85.882006][ T5370] ? user_path_at+0x44/0x60 [ 85.883999][ T5370] __se_sys_mount+0x317/0x410 [ 85.886069][ T5370] ? __pfx___se_sys_mount+0x10/0x10 [ 85.888291][ T5370] ? rcu_is_watching+0x15/0xb0 [ 85.890389][ T5370] ? do_syscall_64+0xbe/0x3b0 [ 85.892280][ T5370] ? __x64_sys_mount+0x20/0xc0 [ 85.894424][ T5370] do_syscall_64+0xfa/0x3b0 [ 85.896313][ T5370] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.898467][ T5370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.900885][ T5370] ? clear_bhb_loop+0x60/0xb0 [ 85.902910][ T5370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.905496][ T5370] RIP: 0033:0x7fa65a38eec9 [ 85.907374][ T5370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.916086][ T5370] RSP: 002b:00007fa65b2d8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 85.919495][ T5370] RAX: ffffffffffffffda RBX: 00007fa65a5e6090 RCX: 00007fa65a38eec9 [ 85.922799][ T5370] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 85.926123][ T5370] RBP: 00007fa65a411f91 R08: 0000200000000500 R09: 0000000000000000 [ 85.929463][ T5370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.932743][ T5370] R13: 00007fa65a5e6128 R14: 00007fa65a5e6090 R15: 00007ffd63375e18 [ 85.935990][ T5370] [ 85.937297][ T5370] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.940319][ T5370] CPU: 0 UID: 0 PID: 5370 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.943999][ T5370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.948442][ T5370] Call Trace: [ 85.949868][ T5370] [ 85.951172][ T5370] dump_stack_lvl+0x99/0x250 [ 85.953135][ T5370] ? __asan_memcpy+0x40/0x70 [ 85.954980][ T5370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.957123][ T5370] ? __pfx__printk+0x10/0x10 [ 85.959127][ T5370] vpanic+0x281/0x750 [ 85.960833][ T5370] ? __pfx__printk+0x10/0x10 [ 85.962807][ T5370] ? __pfx_vpanic+0x10/0x10 [ 85.964675][ T5370] ? is_bpf_text_address+0x26/0x2b0 [ 85.966727][ T5370] panic+0xb9/0xc0 [ 85.968360][ T5370] ? __pfx_panic+0x10/0x10 [ 85.970351][ T5370] __warn+0x31b/0x4b0 [ 85.972119][ T5370] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.974738][ T5370] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.977314][ T5370] report_bug+0x2be/0x4f0 [ 85.979219][ T5370] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.981865][ T5370] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.984558][ T5370] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 85.987222][ T5370] handle_bug+0x84/0x160 [ 85.989111][ T5370] exc_invalid_op+0x1a/0x50 [ 85.991030][ T5370] asm_exc_invalid_op+0x1a/0x20 [ 85.993187][ T5370] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.996056][ T5370] Code: 74 10 4c 89 e7 89 54 24 0c e8 14 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ac 06 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 86.004145][ T5370] RSP: 0018:ffffc9000d4178c0 EFLAGS: 00010246 [ 86.006582][ T5370] RAX: ffffc9000d417900 RBX: 0000000000000032 RCX: 0000000000000000 [ 86.009849][ T5370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d417928 [ 86.013749][ T5370] RBP: ffffc9000d4179c0 R08: ffffc9000d417927 R09: 0000000000000000 [ 86.017887][ T5370] R10: ffffc9000d417900 R11: fffff52001a82f25 R12: 0000000000000000 [ 86.021136][ T5370] R13: 1ffff92001a82f1c R14: 0000000000040d40 R15: dffffc0000000000 [ 86.024426][ T5370] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 86.027149][ T5370] ? kfree+0x18e/0x440 [ 86.028901][ T5370] ? policy_nodemask+0x27c/0x720 [ 86.031003][ T5370] ? p9_client_clunk+0x1b6/0x250 [ 86.033119][ T5370] alloc_pages_mpol+0x232/0x4a0 [ 86.035125][ T5370] ___kmalloc_large_node+0x5f/0x1b0 [ 86.037402][ T5370] __kmalloc_large_node_noprof+0x18/0x90 [ 86.039776][ T5370] __kmalloc_noprof+0x36f/0x4f0 [ 86.041776][ T5370] ? v9fs_fid_get_acl+0x4f/0x100 [ 86.043878][ T5370] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 86.046636][ T5370] v9fs_fid_get_acl+0x4f/0x100 [ 86.048760][ T5370] v9fs_get_acl+0x9a/0x360 [ 86.050663][ T5370] v9fs_inode_from_fid_dotl+0x221/0x2b0 [ 86.053052][ T5370] v9fs_mount+0x6eb/0xa50 [ 86.054965][ T5370] ? __pfx_v9fs_mount+0x10/0x10 [ 86.057174][ T5370] legacy_get_tree+0xfd/0x1a0 [ 86.059239][ T5370] ? __pfx_v9fs_mount+0x10/0x10 [ 86.061407][ T5370] vfs_get_tree+0x8f/0x2b0 [ 86.063390][ T5370] do_new_mount+0x2a2/0x9e0 [ 86.065374][ T5370] ? ns_capable+0x8a/0xf0 [ 86.067184][ T5370] ? __pfx_do_new_mount+0x10/0x10 [ 86.069418][ T5370] ? path_mount+0x61c/0xfe0 [ 86.071527][ T5370] ? user_path_at+0x44/0x60 [ 86.073481][ T5370] __se_sys_mount+0x317/0x410 [ 86.075521][ T5370] ? __pfx___se_sys_mount+0x10/0x10 [ 86.077702][ T5370] ? rcu_is_watching+0x15/0xb0 [ 86.079705][ T5370] ? do_syscall_64+0xbe/0x3b0 [ 86.081765][ T5370] ? __x64_sys_mount+0x20/0xc0 [ 86.083885][ T5370] do_syscall_64+0xfa/0x3b0 [ 86.085777][ T5370] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.087930][ T5370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.090412][ T5370] ? clear_bhb_loop+0x60/0xb0 [ 86.092388][ T5370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.094845][ T5370] RIP: 0033:0x7fa65a38eec9 [ 86.096860][ T5370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.104732][ T5370] RSP: 002b:00007fa65b2d8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 86.108242][ T5370] RAX: ffffffffffffffda RBX: 00007fa65a5e6090 RCX: 00007fa65a38eec9 [ 86.111475][ T5370] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 86.114860][ T5370] RBP: 00007fa65a411f91 R08: 0000200000000500 R09: 0000000000000000 [ 86.118165][ T5370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.121480][ T5370] R13: 00007fa65a5e6128 R14: 00007fa65a5e6090 R15: 00007ffd63375e18 [ 86.124860][ T5370] [ 86.126504][ T5370] Kernel Offset: disabled [ 86.128339][ T5370] Rebooting in 86400 seconds..