program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x34, 0x9, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_SETNAME={0xffffffffffffff52, 0x2, 'syz1\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x39}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x102) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async) fallocate(r2, 0x0, 0x0, 0x1000f4) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000100)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f00000000c0)='qdisc_dequeue\x00', r0, 0x0, 0x1}, 0x18) (async) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) [ 107.921469][ T5329] netlink: 32 bytes leftover after parsing attributes in process `syz.0.0'. [ 108.121329][ T5331] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 108.124074][ T5331] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 108.135281][ C0] ------------[ cut here ]------------ [ 108.137684][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci0 [ 108.140594][ C0] WARNING: CPU: 0 PID: 5335 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0 [ 108.144492][ C0] Modules linked in: [ 108.146155][ C0] CPU: 0 UID: 0 PID: 5335 Comm: rm Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 108.150953][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.155673][ C0] RIP: 0010:__queue_work+0xd62/0xfe0 [ 108.157958][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 29 0d 99 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 40 e1 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 30 8a 35 00 90 0f 0b 90 e9 dd fc ff [ 108.165731][ C0] RSP: 0018:ffffc90000007b08 EFLAGS: 00010046 [ 108.167942][ C0] RAX: d4ef00729a6b4700 RBX: 0000000000000100 RCX: ffff8880002fc880 [ 108.171123][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 108.174965][ C0] RBP: 1ffff1100883c238 R08: 0000000000000003 R09: 0000000000000004 [ 108.178475][ C0] R10: dffffc0000000000 R11: fffffbfff1bfaa04 R12: dffffc0000000000 [ 108.181773][ C0] R13: ffff888043eec948 R14: 0000000000000008 R15: ffff8880441e1178 [ 108.184762][ C0] FS: 0000000000000000(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 108.188187][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.190693][ C0] CR2: 00007f82b36ee286 CR3: 0000000053026000 CR4: 0000000000352ef0 [ 108.193976][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 108.197828][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 108.201474][ C0] Call Trace: [ 108.203275][ C0] [ 108.204795][ C0] call_timer_fn+0x17e/0x5f0 [ 108.206828][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 108.209358][ C0] ? call_timer_fn+0xbe/0x5f0 [ 108.211444][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 108.213634][ C0] ? do_raw_spin_unlock+0x4d/0x240 [ 108.215638][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 108.217926][ C0] __run_timer_base+0x646/0x860 [ 108.220013][ C0] ? ktime_get+0x3e/0x1f0 [ 108.221889][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 108.224237][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 108.226532][ C0] run_timer_softirq+0xb7/0x180 [ 108.228648][ C0] handle_softirqs+0x286/0x870 [ 108.230662][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 108.232496][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 108.234683][ C0] ? irqtime_account_irq+0x18/0x1c0 [ 108.236985][ C0] __irq_exit_rcu+0xca/0x1f0 [ 108.239045][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 108.241263][ C0] irq_exit_rcu+0x9/0x30 [ 108.242935][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 108.245396][ C0] [ 108.246704][ C0] [ 108.248036][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.250581][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 108.252663][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 3b cd fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 108.260443][ C0] RSP: 0018:ffffc9000f45ee08 EFLAGS: 00000206 [ 108.263025][ C0] RAX: d4ef00729a6b4700 RBX: 0000000000000000 RCX: d4ef00729a6b4700 [ 108.266372][ C0] RDX: 0000000000000000 RSI: ffffffff8db6ef48 RDI: ffffffff8be28d40 [ 108.269691][ C0] RBP: ffffffff8216c28b R08: 0000000000000000 R09: ffffffff8216c28b [ 108.273030][ C0] R10: dffffc0000000000 R11: fffff52001e8bdc4 R12: 0000000000000000 [ 108.276021][ C0] R13: ffff88801fc3fe98 R14: 0000000000000001 R15: 0000000000000246 [ 108.279538][ C0] ? get_page_from_freelist+0x63b/0x22c0 [ 108.281959][ C0] ? get_page_from_freelist+0x63b/0x22c0 [ 108.284476][ C0] _raw_spin_trylock+0x47/0x80 [ 108.286647][ C0] ? get_page_from_freelist+0x63b/0x22c0 [ 108.288985][ C0] get_page_from_freelist+0x63b/0x22c0 [ 108.291392][ C0] ? __kernel_text_address+0xd/0x40 [ 108.293745][ C0] ? __pfx_get_page_from_freelist+0x10/0x10 [ 108.296456][ C0] ? prepare_alloc_pages+0x213/0x610 [ 108.298744][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 108.301342][ C0] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 108.304054][ C0] ? __lock_acquire+0xab9/0xd20 [ 108.306155][ C0] alloc_pages_mpol+0x232/0x4a0 [ 108.308334][ C0] alloc_pages_noprof+0xa9/0x190 [ 108.310486][ C0] pte_alloc_one+0x21/0x170 [ 108.312406][ C0] __pte_alloc+0x25/0x1a0 [ 108.314359][ C0] move_page_tables+0x1839/0x1b90 [ 108.316496][ C0] ? vma_prepare+0x47e/0x4b0 [ 108.318331][ C0] ? move_page_tables+0x5a1/0x1b90 [ 108.320545][ C0] ? __pfx_move_page_tables+0x10/0x10 [ 108.322820][ C0] ? vma_expand+0x44d/0x7d0 [ 108.324754][ C0] relocate_vma_down+0x316/0x500 [ 108.326784][ C0] ? __pfx_relocate_vma_down+0x10/0x10 [ 108.329106][ C0] ? vma_wants_writenotify+0xb3/0x2a0 [ 108.331425][ C0] ? __pfx_mprotect_fixup+0x10/0x10 [ 108.333650][ C0] ? tlb_finish_mmu+0x165/0x1d0 [ 108.335719][ C0] setup_arg_pages+0x5df/0xaa0 [ 108.337763][ C0] ? __pfx_setup_arg_pages+0x10/0x10 [ 108.339883][ C0] ? up_write+0x1c4/0x420 [ 108.341574][ C0] load_elf_binary+0xb59/0x2790 [ 108.343634][ C0] ? load_elf_binary+0x8f1/0x2790 [ 108.345543][ C0] ? load_misc_binary+0x110/0xc40 [ 108.347728][ C0] ? __lock_acquire+0xab9/0xd20 [ 108.349744][ C0] ? __pfx_load_elf_binary+0x10/0x10 [ 108.351857][ C0] bprm_execve+0x99c/0x1450 [ 108.353837][ C0] ? __pfx_bprm_execve+0x10/0x10 [ 108.355969][ C0] do_execveat_common+0x510/0x6a0 [ 108.358103][ C0] __x64_sys_execve+0x94/0xb0 [ 108.360076][ C0] do_syscall_64+0xfa/0x3b0 [ 108.362002][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.364215][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.366752][ C0] ? clear_bhb_loop+0x60/0xb0 [ 108.368629][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.371072][ C0] RIP: 0033:0x7f82b3634107 [ 108.372921][ C0] Code: Unable to access opcode bytes at 0x7f82b36340dd. [ 108.375826][ C0] RSP: 002b:00007ffd4d976bd8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 108.379398][ C0] RAX: ffffffffffffffda RBX: 0000558d1d4880c8 RCX: 00007f82b3634107 [ 108.382696][ C0] RDX: 0000558d1d4880e8 RSI: 0000558d1d4880c8 RDI: 0000558d1d488170 [ 108.385933][ C0] RBP: 0000558d1d488170 R08: 00007ffd4d979eb1 R09: 0000000000000000 [ 108.389225][ C0] R10: 0000000000000008 R11: 0000000000000246 R12: 0000558d1d4880e8 [ 108.392499][ C0] R13: 00007f82b37f9e8b R14: 0000558d1d4880e8 R15: 0000000000000000 [ 108.395828][ C0] [ 108.397196][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 108.400233][ C0] CPU: 0 UID: 0 PID: 5335 Comm: rm Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 108.405013][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.409541][ C0] Call Trace: [ 108.410950][ C0] [ 108.412254][ C0] dump_stack_lvl+0x99/0x250 [ 108.414051][ C0] ? __asan_memcpy+0x40/0x70 [ 108.416028][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.418316][ C0] ? __pfx__printk+0x10/0x10 [ 108.420279][ C0] panic+0x2db/0x790 [ 108.421870][ C0] ? __pfx_panic+0x10/0x10 [ 108.424436][ C0] ? show_trace_log_lvl+0x4fb/0x550 [ 108.426682][ C0] __warn+0x31b/0x4b0 [ 108.428458][ C0] ? __queue_work+0xd62/0xfe0 [ 108.430467][ C0] ? __queue_work+0xd62/0xfe0 [ 108.432418][ C0] report_bug+0x2be/0x4f0 [ 108.434263][ C0] ? __queue_work+0xd62/0xfe0 [ 108.436240][ C0] ? __queue_work+0xd62/0xfe0 [ 108.438179][ C0] ? __queue_work+0xd64/0xfe0 [ 108.440208][ C0] handle_bug+0x84/0x160 [ 108.441948][ C0] exc_invalid_op+0x1a/0x50 [ 108.443896][ C0] asm_exc_invalid_op+0x1a/0x20 [ 108.445860][ C0] RIP: 0010:__queue_work+0xd62/0xfe0 [ 108.448102][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 29 0d 99 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 40 e1 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 30 8a 35 00 90 0f 0b 90 e9 dd fc ff [ 108.456004][ C0] RSP: 0018:ffffc90000007b08 EFLAGS: 00010046 [ 108.458473][ C0] RAX: d4ef00729a6b4700 RBX: 0000000000000100 RCX: ffff8880002fc880 [ 108.461612][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 108.464605][ C0] RBP: 1ffff1100883c238 R08: 0000000000000003 R09: 0000000000000004 [ 108.468090][ C0] R10: dffffc0000000000 R11: fffffbfff1bfaa04 R12: dffffc0000000000 [ 108.471374][ C0] R13: ffff888043eec948 R14: 0000000000000008 R15: ffff8880441e1178 [ 108.474885][ C0] ? __queue_work+0xd61/0xfe0 [ 108.476954][ C0] call_timer_fn+0x17e/0x5f0 [ 108.478951][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 108.481516][ C0] ? call_timer_fn+0xbe/0x5f0 [ 108.483555][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 108.485830][ C0] ? do_raw_spin_unlock+0x4d/0x240 [ 108.488695][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 108.491026][ C0] __run_timer_base+0x646/0x860 [ 108.493148][ C0] ? ktime_get+0x3e/0x1f0 [ 108.495319][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 108.497837][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 108.500600][ C0] run_timer_softirq+0xb7/0x180 [ 108.502752][ C0] handle_softirqs+0x286/0x870 [ 108.504952][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 108.507045][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 108.509369][ C0] ? irqtime_account_irq+0x18/0x1c0 [ 108.511803][ C0] __irq_exit_rcu+0xca/0x1f0 [ 108.513730][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 108.516072][ C0] irq_exit_rcu+0x9/0x30 [ 108.517991][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 108.520372][ C0] [ 108.521649][ C0] [ 108.522999][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.525443][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 108.527728][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 3b cd fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 108.535691][ C0] RSP: 0018:ffffc9000f45ee08 EFLAGS: 00000206 [ 108.538390][ C0] RAX: d4ef00729a6b4700 RBX: 0000000000000000 RCX: d4ef00729a6b4700 [ 108.541900][ C0] RDX: 0000000000000000 RSI: ffffffff8db6ef48 RDI: ffffffff8be28d40 [ 108.545319][ C0] RBP: ffffffff8216c28b R08: 0000000000000000 R09: ffffffff8216c28b [ 108.548678][ C0] R10: dffffc0000000000 R11: fffff52001e8bdc4 R12: 0000000000000000 [ 108.551943][ C0] R13: ffff88801fc3fe98 R14: 0000000000000001 R15: 0000000000000246 [ 108.555424][ C0] ? get_page_from_freelist+0x63b/0x22c0 [ 108.557800][ C0] ? get_page_from_freelist+0x63b/0x22c0 [ 108.560321][ C0] _raw_spin_trylock+0x47/0x80 [ 108.562301][ C0] ? get_page_from_freelist+0x63b/0x22c0 [ 108.564733][ C0] get_page_from_freelist+0x63b/0x22c0 [ 108.566951][ C0] ? __kernel_text_address+0xd/0x40 [ 108.569268][ C0] ? __pfx_get_page_from_freelist+0x10/0x10 [ 108.571930][ C0] ? prepare_alloc_pages+0x213/0x610 [ 108.574373][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 108.576928][ C0] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 108.579730][ C0] ? __lock_acquire+0xab9/0xd20 [ 108.581931][ C0] alloc_pages_mpol+0x232/0x4a0 [ 108.584178][ C0] alloc_pages_noprof+0xa9/0x190 [ 108.586311][ C0] pte_alloc_one+0x21/0x170 [ 108.588133][ C0] __pte_alloc+0x25/0x1a0 [ 108.589777][ C0] move_page_tables+0x1839/0x1b90 [ 108.591759][ C0] ? vma_prepare+0x47e/0x4b0 [ 108.593568][ C0] ? move_page_tables+0x5a1/0x1b90 [ 108.595619][ C0] ? __pfx_move_page_tables+0x10/0x10 [ 108.597721][ C0] ? vma_expand+0x44d/0x7d0 [ 108.599568][ C0] relocate_vma_down+0x316/0x500 [ 108.601425][ C0] ? __pfx_relocate_vma_down+0x10/0x10 [ 108.603869][ C0] ? vma_wants_writenotify+0xb3/0x2a0 [ 108.606062][ C0] ? __pfx_mprotect_fixup+0x10/0x10 [ 108.608226][ C0] ? tlb_finish_mmu+0x165/0x1d0 [ 108.610239][ C0] setup_arg_pages+0x5df/0xaa0 [ 108.612153][ C0] ? __pfx_setup_arg_pages+0x10/0x10 [ 108.614450][ C0] ? up_write+0x1c4/0x420 [ 108.616440][ C0] load_elf_binary+0xb59/0x2790 [ 108.618664][ C0] ? load_elf_binary+0x8f1/0x2790 [ 108.621371][ C0] ? load_misc_binary+0x110/0xc40 [ 108.624095][ C0] ? __lock_acquire+0xab9/0xd20 [ 108.626235][ C0] ? __pfx_load_elf_binary+0x10/0x10 [ 108.628547][ C0] bprm_execve+0x99c/0x1450 [ 108.630302][ C0] ? __pfx_bprm_execve+0x10/0x10 [ 108.632511][ C0] do_execveat_common+0x510/0x6a0 [ 108.634713][ C0] __x64_sys_execve+0x94/0xb0 [ 108.636875][ C0] do_syscall_64+0xfa/0x3b0 [ 108.638799][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.640707][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.642939][ C0] ? clear_bhb_loop+0x60/0xb0 [ 108.644912][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.647401][ C0] RIP: 0033:0x7f82b3634107 [ 108.649287][ C0] Code: Unable to access opcode bytes at 0x7f82b36340dd. [ 108.652016][ C0] RSP: 002b:00007ffd4d976bd8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 108.655627][ C0] RAX: ffffffffffffffda RBX: 0000558d1d4880c8 RCX: 00007f82b3634107 [ 108.659167][ C0] RDX: 0000558d1d4880e8 RSI: 0000558d1d4880c8 RDI: 0000558d1d488170 [ 108.662340][ C0] RBP: 0000558d1d488170 R08: 00007ffd4d979eb1 R09: 0000000000000000 [ 108.665573][ C0] R10: 0000000000000008 R11: 0000000000000246 R12: 0000558d1d4880e8 [ 108.668561][ C0] R13: 00007f82b37f9e8b R14: 0000558d1d4880e8 R15: 0000000000000000 [ 108.671681][ C0] [ 108.672990][ C0] Kernel Offset: disabled [ 108.674508][ C0] Rebooting in 86400 seconds..