program:
# syzkaller program logged ahead of the kernel WARNING that follows it, shown here one call per line.
# The "(async)" and "(rerun: N)" suffixes are the per-call properties exactly as logged.
# NOTE(review): r1, r7 and r8 are consumed below but no assignment to them is visible in this text;
# presumably the output-resource markers were lost when the page was extracted. Confirm against the
# original report before treating this text as a faithful reproducer.
#
# Socket, PF_KEY, AX.25 and vim2m calls: none of the functions in the crash trace below belong to these.
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0xc5}, &(0x7f0000000300)=0x8) (rerun: 64)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000600)={r1, @in6={{0xa, 0x4e21, 0x6e51d197, @private1, 0x9f}}}, 0x84)
getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000040)={0x7, 0x7, 0xffffffffffffffff}, &(0x7f0000000080)=0x28) (async, rerun: 32)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xf0) (rerun: 32)
setsockopt$ax25_int(r2, 0x101, 0xa, &(0x7f0000000000)=0xbb81, 0x4) (async, rerun: 32)
r3 = socket$inet6(0xa, 0x2, 0x0) (rerun: 32)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f00000001c0), 0x4) (async)
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
# iommufd sequence: the only calls in this program that line up with the crash trace below.
# The trace runs iommufd_fops_ioctl -> iommufd_hwpt_alloc -> iommufd_hwpt_paging_alloc ->
# mock_domain_alloc_paging_flags -> pt_iommu_amdv1_init, and the user-mode register dump shows
# ORIG_RAX 0x10 with RSI 0x3b89, which is the request number passed to IOMMU_HWPT_ALLOC$TEST here.
# NOTE(review): the path goes through the iommufd mock domain (the log shows "iommufd_mock iommufd_mock0");
# presumably this is reachable only on kernels built with the iommufd selftest driver. Confirm the
# kernel config before rating impact on production builds.
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000280)={0xc, 0x0, 0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r6, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r8, r7, 0x0, 0x0, 0xdead, 0x8, &(0x7f0000000240)}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f014, 0x105})
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0203100802"], 0x10}}, 0x0) (async)
sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) (async)
recvmmsg(r4, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400})
# Kernel console output follows; it is not part of the program. The WARNING is a failed driver_ops
# sanity check in pt_iommu_amdv1_init, and it ends in a panic only because panic_on_warn is set.
[ 128.684142][ T5319] Bluetooth: hci0: command tx timeout [ 128.798360][ T5341] iommufd_mock iommufd_mock0: Adding to iommu group 11 [ 128.815036][ T5340] ------------[ cut here ]------------ [ 128.817679][ T5340] !iommu_table->driver_ops || !iommu_table->driver_ops->change_top || !iommu_table->driver_ops->get_top_lock [ 128.817692][ T5340] WARNING: drivers/iommu/generic_pt/fmt/../iommu_pt.h:1272 at pt_iommu_amdv1_init+0x637/0x9f0, CPU#0: syz.0.0/5340 [ 128.826995][ T5340] Modules linked in: [ 128.828625][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 128.832429][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 128.836818][ T5340] RIP: 0010:pt_iommu_amdv1_init+0x637/0x9f0 [ 128.839421][ T5340] Code: 48 89 df 44 89 fa e8 08 06 00 00 48 89 c3 48 3d 01 f0 ff ff 72 1e e8 18 d1 6e fc eb 5e e8 11 d1 6e fc eb 05 e8 0a d1 6e fc 90 <0f> 0b 90 bb ea ff ff ff eb 47 e8 fa d0 6e fc 43 80 7c 35 00 00 74 [ 128.847836][ T5340] RSP: 0018:ffffc9000f6dfa20 EFLAGS: 00010293 [ 128.850361][ T5340] RAX: ffffffff855652af RBX: 0000000000000000 RCX: ffff88801cf9ca00 [ 128.853847][ T5340] RDX: 0000000000000000 RSI: 0000000000000034 RDI: 0000000000000000 [ 128.857440][ T5340] RBP: ffff888033162278 R08: ffff88803316229f R09: 0000000000000000 [ 128.860814][ T5340] R10: ffff888033162270 R11: ffffed100662c454 R12: ffff888033162290 [ 128.864136][ T5340] R13: 1ffff1100662c452 R14: dffffc0000000000 R15: 0000000000000cc0 [ 128.867587][ T5340] FS: 00007f7a307c76c0(0000) GS:ffff88808c826000(0000) knlGS:0000000000000000 [ 128.871109][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.873744][ T5340] CR2: 00007f7a30785d58 CR3: 0000000038371000 CR4: 0000000000352ef0 [ 128.877027][ T5340] Call Trace: [ 
128.878530][ T5340] [ 128.879911][ T5340] mock_domain_alloc_paging_flags+0x3bd/0x780 [ 128.882520][ T5340] ? __pfx_mock_domain_alloc_paging_flags+0x10/0x10 [ 128.885562][ T5340] ? _raw_spin_unlock+0x28/0x50 [ 128.887900][ T5340] ? _iommufd_object_alloc+0x187/0x210 [ 128.890337][ T5340] ? __pfx_mock_domain_alloc_paging_flags+0x10/0x10 [ 128.892987][ T5340] iommufd_hwpt_paging_alloc+0x3ab/0x830 [ 128.895071][ T5340] iommufd_hwpt_alloc+0x496/0xc10 [ 128.897340][ T5340] ? __pfx_iommufd_hwpt_alloc+0x10/0x10 [ 128.899579][ T5340] iommufd_fops_ioctl+0x4b5/0x5d0 [ 128.901974][ T5340] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 128.904372][ T5340] ? __fget_files+0x2a/0x420 [ 128.906418][ T5340] ? __fget_files+0x2a/0x420 [ 128.908323][ T5340] ? bpf_lsm_file_ioctl+0x9/0x20 [ 128.910819][ T5340] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 128.913649][ T5340] __se_sys_ioctl+0xfc/0x170 [ 128.915627][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.918323][ T5340] do_syscall_64+0x15f/0xf80 [ 128.920578][ T5340] ? trace_irq_disable+0x3b/0x140 [ 128.923403][ T5340] ? 
clear_bhb_loop+0x40/0x90 [ 128.925518][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.928154][ T5340] RIP: 0033:0x7f7a2f99c819 [ 128.930171][ T5340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.938724][ T5340] RSP: 002b:00007f7a307c6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.942435][ T5340] RAX: ffffffffffffffda RBX: 00007f7a2fc15fa0 RCX: 00007f7a2f99c819 [ 128.946039][ T5340] RDX: 0000200000000200 RSI: 0000000000003b89 RDI: 0000000000000048 [ 128.949528][ T5340] RBP: 00007f7a2fa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 128.953124][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.956619][ T5340] R13: 00007f7a2fc16038 R14: 00007f7a2fc15fa0 R15: 00007ffd48f74268 [ 128.959792][ T5340] [ 128.961149][ T5340] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 128.964254][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 128.968280][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 128.972509][ T5340] Call Trace: [ 128.973972][ T5340] [ 128.975378][ T5340] vpanic+0x56c/0xa60 [ 128.977358][ T5340] ? __pfx__printk+0x10/0x10 [ 128.979342][ T5340] ? __pfx_vpanic+0x10/0x10 [ 128.981293][ T5340] ? is_bpf_text_address+0x292/0x2b0 [ 128.983524][ T5340] ? is_bpf_text_address+0x26/0x2b0 [ 128.985722][ T5340] panic+0xc5/0xd0 [ 128.987313][ T5340] ? __pfx_panic+0x10/0x10 [ 128.989199][ T5340] __warn+0x315/0x4c0 [ 128.990872][ T5340] ? pt_iommu_amdv1_init+0x637/0x9f0 [ 128.993089][ T5340] ? pt_iommu_amdv1_init+0x637/0x9f0 [ 128.995369][ T5340] __report_bug+0x29a/0x540 [ 128.997246][ T5340] ? pt_iommu_amdv1_init+0x637/0x9f0 [ 128.999466][ T5340] ? __pfx___report_bug+0x10/0x10 [ 129.001664][ T5340] ? iommufd_hwpt_alloc+0x496/0xc10 [ 129.003849][ T5340] ? 
iommufd_fops_ioctl+0x4b5/0x5d0 [ 129.005968][ T5340] ? __se_sys_ioctl+0xfc/0x170 [ 129.007977][ T5340] ? do_syscall_64+0x15f/0xf80 [ 129.010124][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.012716][ T5340] ? pt_iommu_amdv1_init+0x637/0x9f0 [ 129.015080][ T5340] report_bug+0x16a/0x220 [ 129.017298][ T5340] ? pt_iommu_amdv1_init+0x637/0x9f0 [ 129.019939][ T5340] ? pt_iommu_amdv1_init+0x639/0x9f0 [ 129.022177][ T5340] handle_bug+0x9c/0x200 [ 129.023897][ T5340] exc_invalid_op+0x1a/0x50 [ 129.025907][ T5340] asm_exc_invalid_op+0x1a/0x20 [ 129.028037][ T5340] RIP: 0010:pt_iommu_amdv1_init+0x637/0x9f0 [ 129.030522][ T5340] Code: 48 89 df 44 89 fa e8 08 06 00 00 48 89 c3 48 3d 01 f0 ff ff 72 1e e8 18 d1 6e fc eb 5e e8 11 d1 6e fc eb 05 e8 0a d1 6e fc 90 <0f> 0b 90 bb ea ff ff ff eb 47 e8 fa d0 6e fc 43 80 7c 35 00 00 74 [ 129.038249][ T5340] RSP: 0018:ffffc9000f6dfa20 EFLAGS: 00010293 [ 129.040756][ T5340] RAX: ffffffff855652af RBX: 0000000000000000 RCX: ffff88801cf9ca00 [ 129.043980][ T5340] RDX: 0000000000000000 RSI: 0000000000000034 RDI: 0000000000000000 [ 129.047424][ T5340] RBP: ffff888033162278 R08: ffff88803316229f R09: 0000000000000000 [ 129.050624][ T5340] R10: ffff888033162270 R11: ffffed100662c454 R12: ffff888033162290 [ 129.053897][ T5340] R13: 1ffff1100662c452 R14: dffffc0000000000 R15: 0000000000000cc0 [ 129.057268][ T5340] ? pt_iommu_amdv1_init+0x62f/0x9f0 [ 129.059413][ T5340] mock_domain_alloc_paging_flags+0x3bd/0x780 [ 129.061901][ T5340] ? __pfx_mock_domain_alloc_paging_flags+0x10/0x10 [ 129.064680][ T5340] ? _raw_spin_unlock+0x28/0x50 [ 129.066703][ T5340] ? _iommufd_object_alloc+0x187/0x210 [ 129.068938][ T5340] ? __pfx_mock_domain_alloc_paging_flags+0x10/0x10 [ 129.071748][ T5340] iommufd_hwpt_paging_alloc+0x3ab/0x830 [ 129.074207][ T5340] iommufd_hwpt_alloc+0x496/0xc10 [ 129.076525][ T5340] ? __pfx_iommufd_hwpt_alloc+0x10/0x10 [ 129.078815][ T5340] iommufd_fops_ioctl+0x4b5/0x5d0 [ 129.081055][ T5340] ? 
__pfx_iommufd_fops_ioctl+0x10/0x10 [ 129.083408][ T5340] ? __fget_files+0x2a/0x420 [ 129.085459][ T5340] ? __fget_files+0x2a/0x420 [ 129.087399][ T5340] ? bpf_lsm_file_ioctl+0x9/0x20 [ 129.089500][ T5340] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 129.091840][ T5340] __se_sys_ioctl+0xfc/0x170 [ 129.093830][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.096477][ T5340] do_syscall_64+0x15f/0xf80 [ 129.098587][ T5340] ? trace_irq_disable+0x3b/0x140 [ 129.100684][ T5340] ? clear_bhb_loop+0x40/0x90 [ 129.102648][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.105147][ T5340] RIP: 0033:0x7f7a2f99c819 [ 129.107129][ T5340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.114677][ T5340] RSP: 002b:00007f7a307c6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.118029][ T5340] RAX: ffffffffffffffda RBX: 00007f7a2fc15fa0 RCX: 00007f7a2f99c819 [ 129.121197][ T5340] RDX: 0000200000000200 RSI: 0000000000003b89 RDI: 0000000000000048 [ 129.124532][ T5340] RBP: 00007f7a2fa32c91 R08: 0000000000000000 R09: 0000000000000000 [ 129.127818][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.131045][ T5340] R13: 00007f7a2fc16038 R14: 00007f7a2fc15fa0 R15: 00007ffd48f74268 [ 129.134180][ T5340] [ 129.135694][ T5340] Kernel Offset: disabled [ 129.137434][ T5340] Rebooting in 86400 seconds..