program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r3}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r7, r6, 0x0, 0x0, 0xdead, 0x8, &(0x7f0000000240)})
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0xf1d, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x880}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=@delchain={0x24, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x9}, {0x10, 0xffff}}}, 0x24}}, 0x1000000)

[  102.872833][ T4669] Bluetooth: hci0: command tx timeout
[  102.964121][ T5331] iommufd_mock iommufd_mock0: Adding to iommu group 11
[  102.980015][ T5331] ------------[ cut here ]------------
[  102.983458][ T5331] !iommu_table->driver_ops || !iommu_table->driver_ops->change_top || !iommu_table->driver_ops->get_top_lock
[  102.983473][ T5331] WARNING: drivers/iommu/generic_pt/fmt/../iommu_pt.h:1251 at pt_iommu_amdv1_init+0x631/0x9f0, CPU#0: syz.0.0/5331
[  102.997075][ T5331] Modules linked in:
[  102.999105][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  103.003632][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.009690][ T5331] RIP: 0010:pt_iommu_amdv1_init+0x631/0x9f0
[  103.012568][ T5331] Code: 48 89 df 44 89 fa e8 de 05 00 00 48 89 c3 48 3d 01 f0 ff ff 72 1e e8 de 77 6f fc eb 5e e8 d7 77 6f fc eb 05 e8 d0 77 6f fc 90 <0f> 0b 90 bb ea ff ff ff eb 47 e8 c0 77 6f fc 43 80 7c 35 00 00 74
[  103.021195][ T5331] RSP: 0018:ffffc9000e5efa20 EFLAGS: 00010287
[  103.023880][ T5331] RAX: ffffffff855639f9 RBX: 0000000000000000 RCX: 0000000000100000
[  103.028340][ T5331] RDX: ffffc9000f292000 RSI: 0000000000000395 RDI: 0000000000000396
[  103.032068][ T5331] RBP: ffff88803446a570 R08: ffff88803446a597 R09: 0000000000000000
[  103.035483][ T5331] R10: ffff88803446a568 R11: ffffed100688d4b3 R12: ffff88803446a588
[  103.038923][ T5331] R13: 1ffff1100688d4b1 R14: dffffc0000000000 R15: 0000000000000cc0
[  103.042512][ T5331] FS:  00007efd4e5e16c0(0000) GS:ffff88808ca51000(0000) knlGS:0000000000000000
[  103.047628][ T5331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  103.050671][ T5331] CR2: 0000000000000000 CR3: 0000000040098000 CR4: 0000000000352ef0
[  103.054090][ T5331] Call Trace:
[  103.055599][ T5331]  <TASK>
[  103.057175][ T5331]  mock_domain_alloc_paging_flags+0x3ba/0x780
[  103.060058][ T5331]  ? __pfx_mock_domain_alloc_paging_flags+0x10/0x10
[  103.063475][ T5331]  ? _raw_spin_unlock+0x28/0x50
[  103.065816][ T5331]  ? _iommufd_object_alloc+0x187/0x210
[  103.068569][ T5331]  ? __pfx_mock_domain_alloc_paging_flags+0x10/0x10
[  103.072344][ T5331]  iommufd_hwpt_paging_alloc+0x3ab/0x830
[  103.075389][ T5331]  iommufd_hwpt_alloc+0x496/0xc10
[  103.077631][ T5331]  ? __pfx_iommufd_hwpt_alloc+0x10/0x10
[  103.080382][ T5331]  iommufd_fops_ioctl+0x4b5/0x5d0
[  103.082919][ T5331]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  103.085409][ T5331]  ? __fget_files+0x2a/0x420
[  103.088399][ T5331]  ? __fget_files+0x2a/0x420
[  103.091087][ T5331]  ? bpf_lsm_file_ioctl+0x9/0x20
[  103.093894][ T5331]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  103.096689][ T5331]  __se_sys_ioctl+0xfc/0x170
[  103.099000][ T5331]  do_syscall_64+0x14d/0xf80
[  103.101364][ T5331]  ? trace_irq_disable+0x3b/0x150
[  103.103444][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.106440][ T5331]  ? clear_bhb_loop+0x40/0x90
[  103.108946][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.112232][ T5331] RIP: 0033:0x7efd4d79c799
[  103.114287][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.124371][ T5331] RSP: 002b:00007efd4e5e0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.128214][ T5331] RAX: ffffffffffffffda RBX: 00007efd4da15fa0 RCX: 00007efd4d79c799
[  103.132015][ T5331] RDX: 0000200000000200 RSI: 0000000000003b89 RDI: 0000000000000008
[  103.136180][ T5331] RBP: 00007efd4d832c99 R08: 0000000000000000 R09: 0000000000000000
[  103.140120][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.143615][ T5331] R13: 00007efd4da16038 R14: 00007efd4da15fa0 R15: 00007ffda4e39d08
[  103.147456][ T5331]  </TASK>
[  103.149140][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  103.152856][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  103.156978][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.161831][ T5331] Call Trace:
[  103.163654][ T5331]  <TASK>
[  103.165059][ T5331]  vpanic+0x56c/0xa60
[  103.166854][ T5331]  ? __pfx__printk+0x10/0x10
[  103.169149][ T5331]  ? __pfx_vpanic+0x10/0x10
[  103.171672][ T5331]  ? is_bpf_text_address+0x292/0x2b0
[  103.174282][ T5331]  ? is_bpf_text_address+0x26/0x2b0
[  103.176616][ T5331]  panic+0xc5/0xd0
[  103.178416][ T5331]  ? __pfx_panic+0x10/0x10
[  103.180648][ T5331]  __warn+0x315/0x4f0
[  103.183120][ T5331]  ? pt_iommu_amdv1_init+0x631/0x9f0
[  103.186518][ T5331]  ? pt_iommu_amdv1_init+0x631/0x9f0
[  103.189162][ T5331]  __report_bug+0x29a/0x540
[  103.191352][ T5331]  ? pt_iommu_amdv1_init+0x631/0x9f0
[  103.193764][ T5331]  ? __pfx___report_bug+0x10/0x10
[  103.196115][ T5331]  ? iommufd_hwpt_alloc+0x496/0xc10
[  103.198408][ T5331]  ? iommufd_fops_ioctl+0x4b5/0x5d0
[  103.201223][ T5331]  ? __se_sys_ioctl+0xfc/0x170
[  103.204280][ T5331]  ? do_syscall_64+0x14d/0xf80
[  103.206823][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.209649][ T5331]  ? pt_iommu_amdv1_init+0x631/0x9f0
[  103.212048][ T5331]  report_bug+0x16a/0x220
[  103.213891][ T5331]  ? pt_iommu_amdv1_init+0x631/0x9f0
[  103.216665][ T5331]  ? pt_iommu_amdv1_init+0x633/0x9f0
[  103.219703][ T5331]  handle_bug+0x9c/0x200
[  103.221853][ T5331]  exc_invalid_op+0x1a/0x50
[  103.223933][ T5331]  asm_exc_invalid_op+0x1a/0x20
[  103.226154][ T5331] RIP: 0010:pt_iommu_amdv1_init+0x631/0x9f0
[  103.228964][ T5331] Code: 48 89 df 44 89 fa e8 de 05 00 00 48 89 c3 48 3d 01 f0 ff ff 72 1e e8 de 77 6f fc eb 5e e8 d7 77 6f fc eb 05 e8 d0 77 6f fc 90 <0f> 0b 90 bb ea ff ff ff eb 47 e8 c0 77 6f fc 43 80 7c 35 00 00 74
[  103.238912][ T5331] RSP: 0018:ffffc9000e5efa20 EFLAGS: 00010287
[  103.241773][ T5331] RAX: ffffffff855639f9 RBX: 0000000000000000 RCX: 0000000000100000
[  103.245151][ T5331] RDX: ffffc9000f292000 RSI: 0000000000000395 RDI: 0000000000000396
[  103.248731][ T5331] RBP: ffff88803446a570 R08: ffff88803446a597 R09: 0000000000000000
[  103.253709][ T5331] R10: ffff88803446a568 R11: ffffed100688d4b3 R12: ffff88803446a588
[  103.257982][ T5331] R13: 1ffff1100688d4b1 R14: dffffc0000000000 R15: 0000000000000cc0
[  103.261735][ T5331]  ? pt_iommu_amdv1_init+0x629/0x9f0
[  103.264253][ T5331]  mock_domain_alloc_paging_flags+0x3ba/0x780
[  103.266993][ T5331]  ? __pfx_mock_domain_alloc_paging_flags+0x10/0x10
[  103.270411][ T5331]  ? _raw_spin_unlock+0x28/0x50
[  103.273399][ T5331]  ? _iommufd_object_alloc+0x187/0x210
[  103.276329][ T5331]  ? __pfx_mock_domain_alloc_paging_flags+0x10/0x10
[  103.279125][ T5331]  iommufd_hwpt_paging_alloc+0x3ab/0x830
[  103.281423][ T5331]  iommufd_hwpt_alloc+0x496/0xc10
[  103.283662][ T5331]  ? __pfx_iommufd_hwpt_alloc+0x10/0x10
[  103.286349][ T5331]  iommufd_fops_ioctl+0x4b5/0x5d0
[  103.289217][ T5331]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  103.292097][ T5331]  ? __fget_files+0x2a/0x420
[  103.294312][ T5331]  ? __fget_files+0x2a/0x420
[  103.296589][ T5331]  ? bpf_lsm_file_ioctl+0x9/0x20
[  103.299346][ T5331]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  103.302536][ T5331]  __se_sys_ioctl+0xfc/0x170
[  103.304853][ T5331]  do_syscall_64+0x14d/0xf80
[  103.307023][ T5331]  ? trace_irq_disable+0x3b/0x150
[  103.309340][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.312303][ T5331]  ? clear_bhb_loop+0x40/0x90
[  103.314773][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.317880][ T5331] RIP: 0033:0x7efd4d79c799
[  103.320078][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.329802][ T5331] RSP: 002b:00007efd4e5e0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.333489][ T5331] RAX: ffffffffffffffda RBX: 00007efd4da15fa0 RCX: 00007efd4d79c799
[  103.337682][ T5331] RDX: 0000200000000200 RSI: 0000000000003b89 RDI: 0000000000000008
[  103.342118][ T5331] RBP: 00007efd4d832c99 R08: 0000000000000000 R09: 0000000000000000
[  103.345699][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.349386][ T5331] R13: 00007efd4da16038 R14: 00007efd4da15fa0 R15: 00007ffda4e39d08
[  103.353386][ T5331]  </TASK>
[  103.355400][ T5331] Kernel Offset: disabled
[  103.357656][ T5331] Rebooting in 86400 seconds..