program: r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000000600)=[{{&(0x7f0000000100)={0x2, 0x0, @rand_addr=0x3}, 0x10, &(0x7f0000000000)=[{&(0x7f00000000c0)='`', 0x1}], 0x1}}, {{&(0x7f00000006c0)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000200)="ed", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="200000000000000084000204436152fefd2d3c8d94e9a60000000000000000000000000000000000000000adc8136b4ce6697677e665ebd1c0cfeb0db7da653594bbb9be9ce03d7915f0208a41c37f0dd983b8e75f6812898d3265665bd943675ea239e45ab26fec515df4613282ffad33bbc8b83ad80076b21ef342a42343d49f343728a1f4f0"], 0x20}}], 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r0) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="a80000ac", @ANYRES16=r2, @ANYBLOB="000429bd7000fbdbdf25450000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e0003000000080001007063690011000200303030303a30303a31302e300000000008008e0000000000080001007063690011000200303030303a30303a31302e300000000008008e0000000000080001007063690011000200303030303a30303a31302e300000000008008e0000000000"], 0xa8}, 0x1, 0x0, 0x0, 0x40040880}, 0x404c8c5) sendto$inet6(r1, &(0x7f00000001c0)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="fcaebc56dd3da00bfcc68500000000002700edffff0746e2ed339cb47a526c94db2208fe7d2c86722a410ceca221ac834818f8485f759eff371c7e05000000000000000000"], &(0x7f0000000040)='GPL\x00', 0x4, 0xb3, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xdfab1f40ed8288c3}, 0x3f) shutdown(r1, 0x1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x7d) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000003c0)=0x7e) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) write$FUSE_LK(r6, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0x6, 0x4, 0x1}}}, 0x28) write$FUSE_INTERRUPT(r6, &(0x7f00000000c0)={0x10, 0x24}, 0x10) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@posixacl}]}}) splice(r1, &(0x7f0000000080)=0x3, r0, &(0x7f0000000500)=0x1, 0xda70, 0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000002c0), &(0x7f0000000340)=0x4) r7 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, 0x0, &(0x7f00000000c0)) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x5, &(0x7f00000004c0)={[{@data_ordered}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@orlov}, {@debug}, {@grpid}]}, 0x0, 0x5aa, &(0x7f0000001940)="$eJzs3c9rHFUcAPDvm2zSpKkmFUFrDwYKtqAmTVpRRLDFevPgj4InwZikpXTbhiaCrRVTqP+B/gGCNy/isYgU9eLVm+AfIMUiNRdvkdnsbjfNbtptdzM18/nANPNmdvt9k/Dd9/bte7MBlNZE/k8WsS8iFlPEWMu5StRPTqw/7p/bV+ZWb1+ZS7G29t7fKVL9WOPxqf5ztP7k4Yj47acUTwxsjrt06fLZ2Wp14WK9PLV8bnFq6dLlF8+cmz29cHrh/Mz0y9MvHT0yc/RwT65zT0T8Mnmicu3UG/u/m/tm7+c/fHs9xbFmnVuvo1cmYqL5/7fKf6+v9DpYQQbq19P6J06VAitEVxp/v8GIeCrGYiCGmufG4ot3Cq0c0FdrKWINKKkk/6GkGv2A/P1vYyu2RwJsl1vH1wcAGmN7+RYjUTtYGxuM4drYwO7VFK3DOikiejEyl8dYfC6N5Vv0aRwOaG/lakQ83a79T7XcHK+N4uf5n23I/ywi3q7/zI+/+4DxJ+4qy3/YPg+T/x+25P9HDxhf/gMAAAAAAEDv3DgeES+0+/wva87/iTbzf0Yj4lgP4t/787/sZg/CAG3cOh7xWkSsts7/22h8oP45/2O1+QCD6dSZ6sLhiHg8Ig7F4K68PL1FjIn9vw52PNcy/y/fVocioj4XcF12s7Jr43PmZ5dnH/R6gTtuXY14ppLnf4qN+Z+a7X9q0/7nrweL9xlj7cTrP3c6tyn/b1+ZW9yQ/0C/rH0dcbBt+3/nzhVp6/tzTNX6A1ONXsFmn35w/ftO8eU/FCdv/3dvnf/jqfV+PUvdx/jsrz8eIv/b9/+H0snaLWcadyv5ZHZ5+eJ0xFB6a/Pxme7rDDtRIx8a+ZLn/6ED7fI/27L/PxIRK53DjLQWTv745rVOD9T+Q3Hy/J/vqv3vfufA+1/92yn+/bX/R2tt+qH6EeN/0FbW2LnfBC22ugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/5RFxJ5I2WRzP8smJyNGI+LJ2J1VLywtP3/qwsfn5/Nzte//zxrf9Du2Xk6N7/8fbynP3FU+EhF7I+LLgZFaeXLuQnW+6IsHAAAAAAAAAAAAAAAAAACAR8Roh/X/uT8Hiq4d0HeVoisAFEb+Q3l1l/9DfasHsM2Gu27/B/tVFWD76f9Decl/KC/5D+X1EPm/0st6ANuvsj4MCJSQ/j8AAAAAAOwoe5+98XuKiJVXR2pbtCzwMc8fdras6AoAhXGLHygvU3+gvLzHB9I9zndeHnCvZwIAAAAAAAAAAAAAvXJwn/X/UFbW/0N5Wf8P5WX9P5SX9/iA9f8AAAAAAAAAAAAA8OhbunT57Gy1unCxiJ1d9UoUE/2uneFCo9sp1U48GtXYaqfgFyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDpvwAAAP//PDTyjg==") [ 75.063407][ T4680] Bluetooth: hci0: command tx timeout [ 75.201114][ T5336] ------------[ cut here ]------------ [ 75.203607][ T5336] WARNING: CPU: 0 PID: 5336 at mm/page_alloc.c:5159 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.208005][ T5336] Modules linked in: [ 75.210342][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.213806][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.218078][ T5336] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.221440][ T5336] Code: 74 10 4c 89 e7 89 54 24 0c e8 94 b9 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 30 5f 2e 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.229516][ T5336] RSP: 0018:ffffc9000fcc7880 EFLAGS: 00010246 [ 75.232293][ T5336] RAX: ffffc9000fcc7800 RBX: 0000000000000033 RCX: 0000000000000000 [ 75.235661][ T5336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000fcc78e8 [ 75.239136][ T5336] RBP: ffffc9000fcc7970 R08: ffffc9000fcc78e7 R09: 0000000000000000 [ 75.242656][ T5336] R10: ffffc9000fcc78c0 R11: fffff52001f98f1d R12: 0000000000000000 [ 75.245895][ T5336] R13: 1ffff92001f98f14 R14: 0000000000040d40 R15: dffffc0000000000 [ 75.249108][ T5336] FS: 00007f99ce6c06c0(0000) GS:ffff88808d96d000(0000) knlGS:0000000000000000 [ 75.252726][ T5336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.255875][ T5336] CR2: 0000200000001000 CR3: 0000000042931000 CR4: 0000000000352ef0 [ 75.259126][ T5336] Call Trace: [ 75.261478][ T5336] [ 75.262777][ T5336] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.265533][ T5336] ? p9_client_clunk+0x1b6/0x250 [ 75.267757][ T5336] alloc_pages_mpol+0x232/0x4a0 [ 75.270197][ T5336] ___kmalloc_large_node+0x5f/0x1b0 [ 75.272898][ T5336] __kmalloc_large_node_noprof+0x18/0x90 [ 75.275324][ T5336] __kmalloc_noprof+0x4bd/0x7f0 [ 75.277559][ T5336] ? v9fs_fid_get_acl+0x4f/0x100 [ 75.279733][ T5336] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 75.282400][ T5336] v9fs_fid_get_acl+0x4f/0x100 [ 75.284416][ T5336] v9fs_get_acl+0x11b/0x360 [ 75.286379][ T5336] v9fs_inode_from_fid_dotl+0x221/0x2b0 [ 75.288712][ T5336] v9fs_mount+0x6eb/0xa50 [ 75.290635][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.292915][ T5336] ? __pfx_v9fs_mount+0x10/0x10 [ 75.295096][ T5336] ? __pfx_v9fs_mount+0x10/0x10 [ 75.297193][ T5336] legacy_get_tree+0xfa/0x1a0 [ 75.299032][ T5336] ? __pfx_v9fs_mount+0x10/0x10 [ 75.301168][ T5336] vfs_get_tree+0x8f/0x2b0 [ 75.303137][ T5336] do_new_mount+0x302/0xa10 [ 75.305078][ T5336] ? apparmor_capable+0x137/0x1b0 [ 75.307055][ T5336] ? __pfx_do_new_mount+0x10/0x10 [ 75.309214][ T5336] ? ns_capable+0x8a/0xf0 [ 75.311247][ T5336] ? path_mount+0x61c/0xfe0 [ 75.313120][ T5336] ? kmem_cache_free+0x19b/0x690 [ 75.315263][ T5336] __se_sys_mount+0x313/0x410 [ 75.317329][ T5336] ? __pfx___se_sys_mount+0x10/0x10 [ 75.319131][ T5336] ? rcu_is_watching+0x15/0xb0 [ 75.321022][ T5336] ? do_syscall_64+0xbe/0x3b0 [ 75.322976][ T5336] ? __x64_sys_mount+0x20/0xc0 [ 75.324858][ T5336] do_syscall_64+0xfa/0x3b0 [ 75.326497][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.328794][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.331591][ T5336] ? clear_bhb_loop+0x60/0xb0 [ 75.333354][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.335939][ T5336] RIP: 0033:0x7f99cd78eec9 [ 75.337893][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.346430][ T5336] RSP: 002b:00007f99ce6c0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 75.351162][ T5336] RAX: ffffffffffffffda RBX: 00007f99cd9e5fa0 RCX: 00007f99cd78eec9 [ 75.354351][ T5336] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 75.357531][ T5336] RBP: 00007f99cd811f91 R08: 0000200000000500 R09: 0000000000000000 [ 75.361193][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.364400][ T5336] R13: 00007f99cd9e6038 R14: 00007f99cd9e5fa0 R15: 00007fff573f9068 [ 75.367586][ T5336] [ 75.368632][ T5336] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.371153][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.374541][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.379098][ T5336] Call Trace: [ 75.380967][ T5336] [ 75.382678][ T5336] dump_stack_lvl+0x99/0x250 [ 75.385507][ T5336] ? __asan_memcpy+0x40/0x70 [ 75.388355][ T5336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.391585][ T5336] ? __pfx__printk+0x10/0x10 [ 75.394356][ T5336] vpanic+0x237/0x6d0 [ 75.396821][ T5336] ? __pfx_vpanic+0x10/0x10 [ 75.399523][ T5336] panic+0xb9/0xc0 [ 75.401737][ T5336] ? __pfx_panic+0x10/0x10 [ 75.404446][ T5336] __warn+0x31b/0x4b0 [ 75.406752][ T5336] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.410286][ T5336] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.413600][ T5336] report_bug+0x2be/0x4f0 [ 75.415985][ T5336] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.418901][ T5336] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.421625][ T5336] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 75.424365][ T5336] handle_bug+0x84/0x160 [ 75.426259][ T5336] exc_invalid_op+0x1a/0x50 [ 75.428380][ T5336] asm_exc_invalid_op+0x1a/0x20 [ 75.430592][ T5336] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.433445][ T5336] Code: 74 10 4c 89 e7 89 54 24 0c e8 94 b9 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 30 5f 2e 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.444476][ T5336] RSP: 0018:ffffc9000fcc7880 EFLAGS: 00010246 [ 75.448180][ T5336] RAX: ffffc9000fcc7800 RBX: 0000000000000033 RCX: 0000000000000000 [ 75.452541][ T5336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000fcc78e8 [ 75.456502][ T5336] RBP: ffffc9000fcc7970 R08: ffffc9000fcc78e7 R09: 0000000000000000 [ 75.460127][ T5336] R10: ffffc9000fcc78c0 R11: fffff52001f98f1d R12: 0000000000000000 [ 75.463720][ T5336] R13: 1ffff92001f98f14 R14: 0000000000040d40 R15: dffffc0000000000 [ 75.467327][ T5336] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.470167][ T5336] ? p9_client_clunk+0x1b6/0x250 [ 75.472420][ T5336] alloc_pages_mpol+0x232/0x4a0 [ 75.474527][ T5336] ___kmalloc_large_node+0x5f/0x1b0 [ 75.476750][ T5336] __kmalloc_large_node_noprof+0x18/0x90 [ 75.479075][ T5336] __kmalloc_noprof+0x4bd/0x7f0 [ 75.481134][ T5336] ? v9fs_fid_get_acl+0x4f/0x100 [ 75.482932][ T5336] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 75.484894][ T5336] v9fs_fid_get_acl+0x4f/0x100 [ 75.486431][ T5336] v9fs_get_acl+0x11b/0x360 [ 75.488086][ T5336] v9fs_inode_from_fid_dotl+0x221/0x2b0 [ 75.490200][ T5336] v9fs_mount+0x6eb/0xa50 [ 75.492035][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.494123][ T5336] ? __pfx_v9fs_mount+0x10/0x10 [ 75.496233][ T5336] ? __pfx_v9fs_mount+0x10/0x10 [ 75.498401][ T5336] legacy_get_tree+0xfa/0x1a0 [ 75.500740][ T5336] ? __pfx_v9fs_mount+0x10/0x10 [ 75.503210][ T5336] vfs_get_tree+0x8f/0x2b0 [ 75.505303][ T5336] do_new_mount+0x302/0xa10 [ 75.507299][ T5336] ? apparmor_capable+0x137/0x1b0 [ 75.509640][ T5336] ? __pfx_do_new_mount+0x10/0x10 [ 75.512178][ T5336] ? ns_capable+0x8a/0xf0 [ 75.514351][ T5336] ? path_mount+0x61c/0xfe0 [ 75.516551][ T5336] ? kmem_cache_free+0x19b/0x690 [ 75.518849][ T5336] __se_sys_mount+0x313/0x410 [ 75.520996][ T5336] ? __pfx___se_sys_mount+0x10/0x10 [ 75.523301][ T5336] ? rcu_is_watching+0x15/0xb0 [ 75.525399][ T5336] ? do_syscall_64+0xbe/0x3b0 [ 75.527455][ T5336] ? __x64_sys_mount+0x20/0xc0 [ 75.529611][ T5336] do_syscall_64+0xfa/0x3b0 [ 75.531636][ T5336] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.533908][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.536524][ T5336] ? clear_bhb_loop+0x60/0xb0 [ 75.538624][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.541114][ T5336] RIP: 0033:0x7f99cd78eec9 [ 75.542884][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.550803][ T5336] RSP: 002b:00007f99ce6c0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 75.554353][ T5336] RAX: ffffffffffffffda RBX: 00007f99cd9e5fa0 RCX: 00007f99cd78eec9 [ 75.557612][ T5336] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 75.560777][ T5336] RBP: 00007f99cd811f91 R08: 0000200000000500 R09: 0000000000000000 [ 75.564133][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.567344][ T5336] R13: 00007f99cd9e6038 R14: 00007f99cd9e5fa0 R15: 00007fff573f9068 [ 75.570700][ T5336] [ 75.572400][ T5336] Kernel Offset: disabled [ 75.574100][ T5336] Rebooting in 86400 seconds..