program: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r1=>0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x7, 0x46}}}}}, 0x20}}, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x5e, &(0x7f0000000340)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @val={@val={0x88a8, 0x0, 0x0, 0x1}, {0x8035, 0x7, 0x0, 0x3}}, {@canfd={0xd, {{0x3, 0x1}, 0x12, 0x0, 0x0, 0x0, "185dbb1cd7b284fee8cba2a31982503227a0ff346406455075b841f871b84b9dff1af3ba0a3fbfba7671ea11278096e5abfb374f6a01ec216cdde1aba35ee5e3"}}}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r1, 0x21eae}}, 0x20}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$unix(0x1, 0x2, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x3c, r5, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r9=>0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r8, 0x3b88, &(0x7f00000002c0)={0xc, r9}) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r8, 0x3b71, &(0x7f0000000040)={0x20, 0x2, &(0x7f00000000c0), 0x8000, 0x10000}) ioctl$IOMMU_VFIO_SET_IOMMU(r8, 0x3b66, 0x1) r10 = socket$inet_sctp(0x2, 0x1, 
0x84) r11 = memfd_create(&(0x7f00000001c0)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xcc\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5\x00\x00\x00\x00\x00\x00\x00\x05L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xaaw\xbe\xd0\xd0\xc8d\x96G\xcf\x066\x84\x82-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10\x04\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0) r12 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r12) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0xdb, 0x9d, 0x1b, 0x8, 0x12d1, 0xfae2, 0x708b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x4, 0x1a}}]}}]}}, 0x0) recvmmsg(r10, &(0x7f0000000fc0)=[{{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @loopback}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000540)=""/161, 0xa1}, {&(0x7f0000000600)=""/201, 0xc9}, {&(0x7f0000000700)=""/61, 0x3d}, {&(0x7f0000000740)=""/47, 0x2f}, {&(0x7f0000000780)=""/71, 0x47}, 
{&(0x7f0000000800)=""/13, 0xd}, {&(0x7f0000000840)=""/114, 0x72}, {&(0x7f00000008c0)}], 0x8, &(0x7f0000000980)=""/241, 0xf1}, 0x6}, {{&(0x7f0000000a80)=@caif, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000b00)=""/59, 0x3b}, {&(0x7f0000000b40)=""/226, 0xe2}], 0x2, &(0x7f0000000c80)=""/17, 0x11}, 0xea32}, {{&(0x7f0000000cc0)=@pptp={0x18, 0x2, {0x0, @empty}}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000d40)=""/242, 0xf2}], 0x1, &(0x7f0000000e80)=""/117, 0x75}, 0x7}], 0x3, 0xa0, &(0x7f0000000f00)={0x77359400}) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1641500889dda6de}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r5, 0x200, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "7d5749e2cd"}, @NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048800}, 0x80) ioctl$EVIOCRMFF(r12, 0xc0085504, &(0x7f0000000400)) write$binfmt_elf64(r11, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00ffff0000000000000000000040000000000000000000000000000000000000000000380002"], 0x78) execveat(r11, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) [ 86.283543][ T5353][ 85.962223][ T5346] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 86.261275][ T5322] Bluetooth: hci0: command tx timeout [ 86.431352][ T5343] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 86.580943][ T5343] usb 5-1: Using ep0 maxpacket: 8 [ 86.589220][ T5343] usb 5-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 86.593359][ T5343] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.596398][ T5343] usb 5-1: Product: syz [ 86.598238][ T5343] usb 5-1: Manufacturer: syz [ 86.600241][ T5343] usb 5-1: SerialNumber: syz [ 86.611309][ T5343] usb 5-1: config 0 descriptor?? 
[ 86.618300][ T5343] option 5-1:0.0: GSM modem (1-port) converter detected [ 86.817126][ T5346] ------------[ cut here ]------------ [ 86.819216][ T5346] WARNING: mm/page_alloc.c:5159 at __alloc_frozen_pages_noprof+0x2c8/0x370, CPU#0: syz.0.0/5346 [ 86.823375][ T5346] Modules linked in: [ 86.825067][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.828730][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.833347][ T5346] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 86.836197][ T5346] Code: 74 10 4c 89 e7 89 54 24 0c e8 e4 9b 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 11 11 50 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 86.844844][ T5346] RSP: 0018:ffffc9000d47f940 EFLAGS: 00010246 [ 86.848152][ T5346] RAX: ffffc9000d47f900 RBX: 0000000000000013 RCX: 0000000000000000 [ 86.852381][ T5346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d47f9a8 [ 86.855732][ T5346] RBP: ffffc9000d47fa28 R08: ffffc9000d47f9a7 R09: 0000000000000000 [ 86.859006][ T5346] R10: ffffc9000d47f980 R11: fffff52001a8ff35 R12: 0000000000000000 [ 86.862275][ T5346] R13: 1ffff92001a8ff2c R14: 0000000000040cc0 R15: dffffc0000000000 [ 86.865337][ T5346] FS: 00007f9004c3e6c0(0000) GS:ffff88808d68a000(0000) knlGS:0000000000000000 [ 86.869172][ T5346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.871876][ T5346] CR2: 0000200000001000 CR3: 00000000428f0000 CR4: 0000000000352ef0 [ 86.875185][ T5346] Call Trace: [ 86.876623][ T5346] <TASK> [ 86.877997][ T5346] ? __kasan_slab_free+0x5c/0x80 [ 86.880011][ T5346] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 86.882904][ T5346] ? 
policy_nodemask+0x27c/0x720 [ 86.885148][ T5346] alloc_pages_mpol+0x232/0x4a0 [ 86.887303][ T5346] ___kmalloc_large_node+0x4e/0x100 [ 86.889724][ T5346] __kmalloc_large_node_noprof+0x18/0x90 [ 86.892531][ T5346] __kmalloc_noprof+0x4bd/0x800 [ 86.894672][ T5346] ? raw_ioctl+0x1962/0x3bc0 [ 86.896769][ T5346] raw_ioctl+0x1962/0x3bc0 [ 86.898715][ T5346] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 86.902710][ T5346] ? do_vfs_ioctl+0xbe8/0x1430 [ 86.904819][ T5346] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 86.907315][ T5346] ? __pfx_raw_ioctl+0x10/0x10 [ 86.909394][ T5346] ? do_futex+0x333/0x420 [ 86.911463][ T5346] ? __fget_files+0x2a/0x420 [ 86.913502][ T5346] ? __fget_files+0x2a/0x420 [ 86.915566][ T5346] ? __fget_files+0x3a0/0x420 [ 86.917729][ T5346] ? __fget_files+0x2a/0x420 [ 86.919745][ T5346] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.921995][ T5346] ? __pfx_raw_ioctl+0x10/0x10 [ 86.924098][ T5346] __se_sys_ioctl+0xfc/0x170 [ 86.926137][ T5346] do_syscall_64+0xfa/0xf80 [ 86.928193][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.930713][ T5346] ? 
clear_bhb_loop+0x60/0xb0 [ 86.932695][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.935029][ T5346] RIP: 0033:0x7f9003d8f7c9 [ 86.936731][ T5346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.944127][ T5346] RSP: 002b:00007f9004c3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.947608][ T5346] RAX: ffffffffffffffda RBX: 00007f9003fe5fa0 RCX: 00007f9003d8f7c9 [ 86.950907][ T5346] RDX: 0000200000000400 RSI: 00000000c0085504 RDI: 000000000000000a [ 86.954313][ T5346] RBP: 00007f9003e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.957427][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.960919][ T5346] R13: 00007f9003fe6038 R14: 00007f9003fe5fa0 R15: 00007ffefb9a56b8 [ 86.964064][ T5346] </TASK> [ 86.965351][ T5346] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 86.968328][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.972309][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.976959][ T5346] Call Trace: [ 86.978491][ T5346] <TASK> [ 86.979804][ T5346] dump_stack_lvl+0x99/0x250 [ 86.981884][ T5346] ? __asan_memcpy+0x40/0x70 [ 86.983926][ T5346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.986129][ T5346] ? __pfx__printk+0x10/0x10 [ 86.988151][ T5346] vpanic+0x237/0x6d0 [ 86.989855][ T5346] ? __pfx_vpanic+0x10/0x10 [ 86.991759][ T5346] ? is_bpf_text_address+0x292/0x2b0 [ 86.994077][ T5346] ? is_bpf_text_address+0x26/0x2b0 [ 86.996399][ T5346] panic+0xb9/0xc0 [ 86.998027][ T5346] ? __pfx_panic+0x10/0x10 [ 87.000029][ T5346] __warn+0x317/0x4b0 [ 87.001684][ T5346] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.004003][ T5346] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.006483][ T5346] __report_bug+0x288/0x500 [ 87.008376][ T5346] ? 
__alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.010909][ T5346] ? __pfx___report_bug+0x10/0x10 [ 87.013010][ T5346] ? is_bpf_text_address+0x292/0x2b0 [ 87.015199][ T5346] ? is_bpf_text_address+0x26/0x2b0 [ 87.017343][ T5346] ? kernel_text_address+0xa5/0xe0 [ 87.019335][ T5346] ? __kernel_text_address+0xd/0x40 [ 87.021740][ T5346] ? unwind_get_return_address+0x4d/0x90 [ 87.024371][ T5346] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.027185][ T5346] report_bug+0x16a/0x220 [ 87.029256][ T5346] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.032091][ T5346] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 87.035252][ T5346] handle_bug+0x98/0x200 [ 87.037424][ T5346] exc_invalid_op+0x1a/0x50 [ 87.039612][ T5346] asm_exc_invalid_op+0x1a/0x20 [ 87.041851][ T5346] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.044638][ T5346] Code: 74 10 4c 89 e7 89 54 24 0c e8 e4 9b 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 11 11 50 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 87.052505][ T5346] RSP: 0018:ffffc9000d47f940 EFLAGS: 00010246 [ 87.055238][ T5346] RAX: ffffc9000d47f900 RBX: 0000000000000013 RCX: 0000000000000000 [ 87.058799][ T5346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d47f9a8 [ 87.061839][ T5346] RBP: ffffc9000d47fa28 R08: ffffc9000d47f9a7 R09: 0000000000000000 [ 87.064922][ T5346] R10: ffffc9000d47f980 R11: fffff52001a8ff35 R12: 0000000000000000 [ 87.068064][ T5346] R13: 1ffff92001a8ff2c R14: 0000000000040cc0 R15: dffffc0000000000 [ 87.071434][ T5346] ? __kasan_slab_free+0x5c/0x80 [ 87.073385][ T5346] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 87.076048][ T5346] ? policy_nodemask+0x27c/0x720 [ 87.078242][ T5346] alloc_pages_mpol+0x232/0x4a0 [ 87.080317][ T5346] ___kmalloc_large_node+0x4e/0x100 [ 87.082501][ T5346] __kmalloc_large_node_noprof+0x18/0x90 [ 87.084823][ T5346] __kmalloc_noprof+0x4bd/0x800 [ 87.086814][ T5346] ? 
raw_ioctl+0x1962/0x3bc0 [ 87.088783][ T5346] raw_ioctl+0x1962/0x3bc0 [ 87.090543][ T5346] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 87.093025][ T5346] ? do_vfs_ioctl+0xbe8/0x1430 [ 87.094919][ T5346] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 87.097386][ T5346] ? __pfx_raw_ioctl+0x10/0x10 [ 87.099474][ T5346] ? do_futex+0x333/0x420 [ 87.101121][ T5346] ? __fget_files+0x2a/0x420 [ 87.102991][ T5346] ? __fget_files+0x2a/0x420 [ 87.104910][ T5346] ? __fget_files+0x3a0/0x420 [ 87.106967][ T5346] ? __fget_files+0x2a/0x420 [ 87.109045][ T5346] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.111193][ T5346] ? __pfx_raw_ioctl+0x10/0x10 [ 87.113352][ T5346] __se_sys_ioctl+0xfc/0x170 [ 87.115300][ T5346] do_syscall_64+0xfa/0xf80 [ 87.117293][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.119925][ T5346] ? clear_bhb_loop+0x60/0xb0 [ 87.121851][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.124446][ T5346] RIP: 0033:0x7f9003d8f7c9 [ 87.126355][ T5346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.134672][ T5346] RSP: 002b:00007f9004c3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.138306][ T5346] RAX: ffffffffffffffda RBX: 00007f9003fe5fa0 RCX: 00007f9003d8f7c9 [ 87.141240][ T5346] RDX: 0000200000000400 RSI: 00000000c0085504 RDI: 000000000000000a [ 87.144008][ T5346] RBP: 00007f9003e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.146918][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.150308][ T5346] R13: 00007f9003fe6038 R14: 00007f9003fe5fa0 R15: 00007ffefb9a56b8 [ 87.153554][ T5346] </TASK> [ 87.155263][ T5346] Kernel Offset: disabled [ 87.157077][ T5346] Rebooting in 86400 seconds..