program: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') r1 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000000)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r1, 0xc01864cb, &(0x7f0000000140)={&(0x7f0000000180)=[r2], &(0x7f0000000100), 0x1}) (async) setgroups(0x1, &(0x7f0000000080)=[0x0]) r3 = add_key$keyring(&(0x7f00000001c0), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r4, 0x0) (async) keyctl$chown(0x16, r3, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r5, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r5, 0x40045010, &(0x7f0000000040)=0x9) ioctl$DRM_IOCTL_SYNCOBJ_RESET(r0, 0xc01064c4, &(0x7f0000000240)={&(0x7f0000000200)=[r2, r2, r2, r2], 0x4}) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f000000e0c0), 0x10010) (async) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r7, 0x0) (async) sendfile(r1, r7, 0x0, 0x8000) (async) read$FUSE(r0, &(0x7f0000003440)={0x2020}, 0x2020) [ 76.182568][ T5301] Bluetooth: hci0: command tx timeout [ 76.226651][ T5322] ------------[ cut here ]------------ [ 76.229214][ T5322] WARNING: CPU: 0 PID: 5322 at mm/page_alloc.c:5159 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.243798][ T5322] Modules linked in: [ 76.246580][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.250583][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.255597][ T5322] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.258547][ T5322] Code: 74 10 4c 89 e7 89 54 24 0c e8 24 bc 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 27 71 4d 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 76.269464][ T5322] RSP: 0018:ffffc9000ece7880 EFLAGS: 00010246 [ 76.272708][ T5322] RAX: ffffc9000ece7800 RBX: 0000000000000012 RCX: 0000000000000000 [ 76.276085][ T5322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000ece78e8 [ 76.279436][ T5322] RBP: ffffc9000ece7978 R08: ffffc9000ece78e7 R09: 0000000000000000 [ 76.283323][ T5322] R10: ffffc9000ece78c0 R11: fffff52001d9cf1d R12: 0000000000000000 [ 76.286668][ T5322] R13: 1ffff92001d9cf14 R14: 0000000000040cc0 R15: dffffc0000000000 [ 76.289845][ T5322] FS: 00007f19ad6666c0(0000) GS:ffff88808d732000(0000) knlGS:0000000000000000 [ 76.293878][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.296476][ T5322] CR2: 000055556fcb67c8 CR3: 0000000042cb3000 CR4: 0000000000352ef0 [ 76.299673][ T5322] Call Trace: [ 76.301158][ T5322] [ 76.302897][ T5322] ? __pfx_stack_trace_save+0x10/0x10 [ 76.305197][ T5322] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 76.307972][ T5322] ? policy_nodemask+0x27c/0x720 [ 76.310020][ T5322] ? kasan_save_track+0x3e/0x80 [ 76.311966][ T5322] ? __kasan_save_free_info+0x46/0x50 [ 76.314211][ T5322] ? __kasan_slab_free+0x5c/0x80 [ 76.316206][ T5322] ? kfree+0x19a/0x6d0 [ 76.317655][ T5322] alloc_pages_mpol+0x232/0x4a0 [ 76.319745][ T5322] ___kmalloc_large_node+0x5f/0x1b0 [ 76.322066][ T5322] __kmalloc_large_node_noprof+0x18/0x90 [ 76.324731][ T5322] __kmalloc_noprof+0x4bd/0x7f0 [ 76.326961][ T5322] ? drm_syncobj_array_find+0x3a/0x450 [ 76.329436][ T5322] drm_syncobj_array_find+0x3a/0x450 [ 76.331951][ T5322] drm_syncobj_query_ioctl+0x1c3/0x9d0 [ 76.334627][ T5322] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.337025][ T5322] drm_ioctl_kernel+0x2cf/0x390 [ 76.339251][ T5322] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.341773][ T5322] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 76.344559][ T5322] drm_ioctl+0x67f/0xb10 [ 76.346122][ T5322] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.348291][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 76.350006][ T5322] ? __fget_files+0x3a0/0x420 [ 76.351703][ T5322] ? __fget_files+0x2a/0x420 [ 76.353612][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 76.355530][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 76.357604][ T5322] __se_sys_ioctl+0xfc/0x170 [ 76.359709][ T5322] do_syscall_64+0xfa/0xfa0 [ 76.362032][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.364995][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.367730][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 76.370122][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.373868][ T5322] RIP: 0033:0x7f19ac78f6c9 [ 76.376092][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.384420][ T5322] RSP: 002b:00007f19ad666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.388111][ T5322] RAX: ffffffffffffffda RBX: 00007f19ac9e5fa0 RCX: 00007f19ac78f6c9 [ 76.391454][ T5322] RDX: 0000200000000140 RSI: 00000000c01864cb RDI: 0000000000000004 [ 76.394701][ T5322] RBP: 00007f19ac811f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.397860][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.400990][ T5322] R13: 00007f19ac9e6038 R14: 00007f19ac9e5fa0 R15: 00007ffceea3a268 [ 76.404253][ T5322] [ 76.405579][ T5322] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.408334][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.412005][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.416499][ T5322] Call Trace: [ 76.418011][ T5322] [ 76.419304][ T5322] dump_stack_lvl+0x99/0x250 [ 76.421070][ T5322] ? __asan_memcpy+0x40/0x70 [ 76.423194][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.425445][ T5322] ? __pfx__printk+0x10/0x10 [ 76.427538][ T5322] vpanic+0x237/0x6d0 [ 76.429428][ T5322] ? __pfx_vpanic+0x10/0x10 [ 76.431506][ T5322] panic+0xb9/0xc0 [ 76.433259][ T5322] ? __pfx_panic+0x10/0x10 [ 76.435312][ T5322] __warn+0x31b/0x4b0 [ 76.437177][ T5322] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.439732][ T5322] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.442379][ T5322] report_bug+0x2be/0x4f0 [ 76.443881][ T5322] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.446386][ T5322] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.448573][ T5322] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 76.450853][ T5322] handle_bug+0x84/0x160 [ 76.452478][ T5322] exc_invalid_op+0x1a/0x50 [ 76.454037][ T5322] asm_exc_invalid_op+0x1a/0x20 [ 76.455772][ T5322] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.458104][ T5322] Code: 74 10 4c 89 e7 89 54 24 0c e8 24 bc 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 27 71 4d 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 76.465032][ T5322] RSP: 0018:ffffc9000ece7880 EFLAGS: 00010246 [ 76.467716][ T5322] RAX: ffffc9000ece7800 RBX: 0000000000000012 RCX: 0000000000000000 [ 76.471220][ T5322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000ece78e8 [ 76.474533][ T5322] RBP: ffffc9000ece7978 R08: ffffc9000ece78e7 R09: 0000000000000000 [ 76.477634][ T5322] R10: ffffc9000ece78c0 R11: fffff52001d9cf1d R12: 0000000000000000 [ 76.480896][ T5322] R13: 1ffff92001d9cf14 R14: 0000000000040cc0 R15: dffffc0000000000 [ 76.483969][ T5322] ? __pfx_stack_trace_save+0x10/0x10 [ 76.486131][ T5322] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 76.488812][ T5322] ? policy_nodemask+0x27c/0x720 [ 76.490723][ T5322] ? kasan_save_track+0x3e/0x80 [ 76.492624][ T5322] ? __kasan_save_free_info+0x46/0x50 [ 76.494998][ T5322] ? __kasan_slab_free+0x5c/0x80 [ 76.497084][ T5322] ? kfree+0x19a/0x6d0 [ 76.498851][ T5322] alloc_pages_mpol+0x232/0x4a0 [ 76.500885][ T5322] ___kmalloc_large_node+0x5f/0x1b0 [ 76.503309][ T5322] __kmalloc_large_node_noprof+0x18/0x90 [ 76.506064][ T5322] __kmalloc_noprof+0x4bd/0x7f0 [ 76.508546][ T5322] ? drm_syncobj_array_find+0x3a/0x450 [ 76.511079][ T5322] drm_syncobj_array_find+0x3a/0x450 [ 76.513144][ T5322] drm_syncobj_query_ioctl+0x1c3/0x9d0 [ 76.515322][ T5322] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.517710][ T5322] drm_ioctl_kernel+0x2cf/0x390 [ 76.519879][ T5322] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.522377][ T5322] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 76.524758][ T5322] drm_ioctl+0x67f/0xb10 [ 76.526639][ T5322] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.529319][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 76.531386][ T5322] ? __fget_files+0x3a0/0x420 [ 76.533481][ T5322] ? __fget_files+0x2a/0x420 [ 76.535424][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 76.537435][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 76.539542][ T5322] __se_sys_ioctl+0xfc/0x170 [ 76.541524][ T5322] do_syscall_64+0xfa/0xfa0 [ 76.543359][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.545444][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.547936][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 76.549739][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.552080][ T5322] RIP: 0033:0x7f19ac78f6c9 [ 76.553903][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.561936][ T5322] RSP: 002b:00007f19ad666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.565566][ T5322] RAX: ffffffffffffffda RBX: 00007f19ac9e5fa0 RCX: 00007f19ac78f6c9 [ 76.569082][ T5322] RDX: 0000200000000140 RSI: 00000000c01864cb RDI: 0000000000000004 [ 76.572242][ T5322] RBP: 00007f19ac811f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.575310][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.578416][ T5322] R13: 00007f19ac9e6038 R14: 00007f19ac9e5fa0 R15: 00007ffceea3a268 [ 76.581451][ T5322] [ 76.582808][ T5322] Kernel Offset: disabled [ 76.584452][ T5322] Rebooting in 86400 seconds..