program: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x0, &(0x7f0000000200)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@usrquota}, {@errors_remount}, {@dioread_lock}, {@noquota}, {@mblk_io_submit}, {@minixdf}, {@barrier_val}, {@nombcache}, {}]}, 0x45, 0x7b6, &(0x7f0000001140)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4EQeZ31JruwsF72sBQaCLSnHpoYWTGpZStYcoiNaRNKoZdCW3prLzn356X02h+HXtr/oySkrROa0kNxGf2wZVtyrMSWkubzgYne07zRe995ozcvmrEUwBNrPP0nE3EsIl5PIkbrzycR0V9NZSOma+Xura/l0yWJjY1nvkuqZe6ur+WjaZvUkXrmjxHx+SsRJzK76y2vrM7PFIuFpXp+orJweaK8snry0sLMXGGusHh6cmrq1Jl/nDn9UOENN2d++Hr16K03/v/XD6Z/evkPH772RRLTcbS+rjmOgzIe4/V90p/uwm3+d9CV9czHL+6jUNMRkD3MxtChtGP66r1yLEajb6/+Ge5mywCAw/JSRGy009d2DQDwWEtq5///9LodAEC3ND4HuLu+lm8svf1Eortu/zcihobqudr1zVo6W79mN1S9DjpyN9l2ZSSJiLEDqH88It755Pn30iUO6TokQCvXrkfEhbHx3eN/suuehU79rfXTc82Z8R0rjX/QPZ+m859/tpr/ZTbnP9Fi/jPY4r37IO7//s/cPIBq2krnf/9uurftXlP8dWN99dxvqnO+/uTipWIhHdt+GxHHo38wzU/uUcfxOz/fabeuef73/ZsvvJvWnz5ulcjczA5u32Z2pjLzMDE3u3094k/ZVvGn4/9gtf+TNvPfc/X0wH3qeOpfr77dbl0afxpvY9kd/+HauBHxl5b9n2yWSfa8P3GiejhMNA6KFj6ajpF29Y9nt/o/XdL6G/8X6Ia0/0f2jn8sab5fs7zvl968W+yrG6OftSvUfPy3jr/18T+QPFtNN469qzOVytJkxEDy9O7nT21t28g3yqfxH/9z6/d/Y/xrcfw/l77+hX3uiOytb99/8PgPVxr/bEf933Eihu7N97Wrf3/9P7Vtm/2Mf/tt4IPuNwAAAAAAAAAAAAAAAAAAAAAAAADoRCYijkaSyW2mM5lcrvYb3r+PkUyxVK6cuFhaXpyN6m9lj0V/pvFVl6NN34c6Wf8+/Eb+1I783yPidxHx1uBwNZ/Ll4qzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqOtPn9/9Q3gzsK9/WihQDAoRhyYgeAJ02Szfa6CQBAtw11VHr40NoBAHRPZ+d/AODXwPkfAJ489zn/7/wzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjUubNn02Xjx/W1fJqfvbKyPF+6cnK2UJ7PLSznc/nS0uXcXKk0Vyzk8qWFti90rfZQLJUuT8Xi8tWJSqFcmSivrJ5fKC0vVs5fWpiZK5wv9HctMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYv/LK6vxMsVhYkuhJYv7LWj88Ku2R6CwR12r996i05+ASMbA1Sgz3ZnACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAz8EgAA//99gB7t") r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r0, 0xc02064cc, &(0x7f00000001c0)={r1, r1, 0x1, 0x1000000000, 0x2}) ioctl$DRM_IOCTL_SYNCOBJ_RESET(r0, 0xc01064c4, &(0x7f0000000200)={&(0x7f0000000040)=[r1], 0x400001a7}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x8200, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000340)={&(0x7f0000000180)=[r1, r3, r1, r1], &(0x7f00000002c0)=[0x7c, 0xf502, 0x2], 0x4}) r4 = socket$rds(0x15, 0x5, 0x0) r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f00000000c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000040)={@host}) ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r5, 0x7b1, &(0x7f0000000140)={{}, 0x6}) bind$rds(r4, &(0x7f00000021c0)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r4, &(0x7f0000002180)={&(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000001fc0)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x1f00}, &(0x7f00000000c0)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000000080)=""/48}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0xfffffffffffffd5a}, &(0x7f0000001ec0)=[{&(0x7f0000001a00)=""/161, 0xfffffeb8}], 0x1}}], 0x90}, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) sendfile(r2, r6, 0x0, 0x20fffe82) ioctl$EXT4_IOC_MOVE_EXT(r2, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x89d9, 0x10000, 0x2, 0x3}) [ 118.278626][ T4685] Bluetooth: hci0: command tx timeout [ 118.349980][ T5346] loop0: detected capacity change from 0 to 2048 [ 118.377671][ T5346] EXT4-fs: Ignoring removed mblk_io_submit option [ 118.408515][ T5346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.471881][ T5347] ------------[ cut here ]------------ [ 118.474839][ T5347] WARNING: mm/page_alloc.c:5186 at __alloc_frozen_pages_noprof+0x2c8/0x370, CPU#0: syz.0.0/5347 [ 118.479954][ T5347] Modules linked in: [ 118.481605][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 118.485616][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.490269][ T5347] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 118.493255][ T5347] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 b3 58 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 118.501884][ T5347] RSP: 0018:ffffc900092df960 EFLAGS: 00010246 [ 118.504705][ T5347] RAX: ffffc900092df900 RBX: 0000000000000015 RCX: 0000000000000000 [ 118.508187][ T5347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900092df9c8 [ 118.511656][ T5347] RBP: ffffc900092dfa60 R08: ffffc900092df9c7 R09: 0000000000000000 [ 118.515276][ T5347] R10: ffffc900092df9a0 R11: fffff5200125bf39 R12: 0000000000000000 [ 118.518799][ T5347] R13: 1ffff9200125bf30 R14: 0000000000040cc0 R15: dffffc0000000000 [ 118.522176][ T5347] FS: 00007fad1ee4e6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 118.526106][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.529289][ T5347] CR2: 00007fad1ee4dfc8 CR3: 0000000039e22000 CR4: 0000000000352ef0 [ 118.533517][ T5347] Call Trace: [ 118.535336][ T5347] [ 118.537013][ T5347] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 118.539626][ T5347] ? __se_sys_ioctl+0x47/0x170 [ 118.541695][ T5347] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 118.544503][ T5347] ? policy_nodemask+0x27c/0x720 [ 118.546668][ T5347] ? __lock_acquire+0x6b6/0x2cf0 [ 118.548947][ T5347] alloc_pages_mpol+0x232/0x4a0 [ 118.551330][ T5347] ___kmalloc_large_node+0x4e/0x150 [ 118.553770][ T5347] __kmalloc_large_node_noprof+0x18/0x90 [ 118.556381][ T5347] __kmalloc_noprof+0x4c9/0x800 [ 118.558735][ T5347] ? drm_dev_enter+0x49/0x150 [ 118.560612][ T5347] ? drm_syncobj_array_find+0x3a/0x450 [ 118.563389][ T5347] drm_syncobj_array_find+0x3a/0x450 [ 118.566819][ T5347] drm_syncobj_reset_ioctl+0x16b/0x2f0 [ 118.570009][ T5347] drm_ioctl_kernel+0x2cf/0x390 [ 118.573704][ T5347] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 118.576608][ T5347] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 118.579017][ T5347] drm_ioctl+0x67f/0xb10 [ 118.581034][ T5347] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 118.584364][ T5347] ? __pfx_drm_ioctl+0x10/0x10 [ 118.586619][ T5347] ? __fget_files+0x2a/0x420 [ 118.588678][ T5347] ? bpf_lsm_file_ioctl+0x9/0x20 [ 118.590913][ T5347] ? __pfx_drm_ioctl+0x10/0x10 [ 118.593071][ T5347] __se_sys_ioctl+0xfc/0x170 [ 118.595071][ T5347] do_syscall_64+0xec/0xf80 [ 118.597118][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.599798][ T5347] ? trace_irq_disable+0x37/0x100 [ 118.601914][ T5347] ? clear_bhb_loop+0x60/0xb0 [ 118.604056][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.606783][ T5347] RIP: 0033:0x7fad1df8f7c9 [ 118.608652][ T5347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.617282][ T5347] RSP: 002b:00007fad1ee4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.620908][ T5347] RAX: ffffffffffffffda RBX: 00007fad1e1e6090 RCX: 00007fad1df8f7c9 [ 118.624682][ T5347] RDX: 0000200000000200 RSI: 00000000c01064c4 RDI: 0000000000000004 [ 118.628178][ T5347] RBP: 00007fad1e013f91 R08: 0000000000000000 R09: 0000000000000000 [ 118.631625][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.635257][ T5347] R13: 00007fad1e1e6128 R14: 00007fad1e1e6090 R15: 00007ffe4eba0888 [ 118.638752][ T5347] [ 118.640088][ T5347] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 118.643433][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 118.647910][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 118.651767][ T5347] Call Trace: [ 118.653137][ T5347] [ 118.654513][ T5347] vpanic+0x1e0/0x670 [ 118.656593][ T5347] panic+0xb9/0xc0 [ 118.658365][ T5347] ? __pfx_panic+0x10/0x10 [ 118.660223][ T5347] __warn+0x317/0x4b0 [ 118.662020][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 118.664871][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 118.667474][ T5347] __report_bug+0x288/0x500 [ 118.669349][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 118.672027][ T5347] ? __pfx___report_bug+0x10/0x10 [ 118.674278][ T5347] ? is_bpf_text_address+0x292/0x2b0 [ 118.676555][ T5347] ? is_bpf_text_address+0x26/0x2b0 [ 118.678874][ T5347] ? kernel_text_address+0xa5/0xe0 [ 118.681467][ T5347] ? __kernel_text_address+0xd/0x40 [ 118.684142][ T5347] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 118.686923][ T5347] ? arch_stack_walk+0xfc/0x150 [ 118.689083][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 118.691683][ T5347] report_bug+0x16a/0x220 [ 118.693435][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 118.695739][ T5347] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 118.698219][ T5347] handle_bug+0x98/0x200 [ 118.700188][ T5347] exc_invalid_op+0x1a/0x50 [ 118.702262][ T5347] asm_exc_invalid_op+0x1a/0x20 [ 118.704329][ T5347] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 118.706976][ T5347] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 b3 58 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 118.715818][ T5347] RSP: 0018:ffffc900092df960 EFLAGS: 00010246 [ 118.718379][ T5347] RAX: ffffc900092df900 RBX: 0000000000000015 RCX: 0000000000000000 [ 118.721847][ T5347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900092df9c8 [ 118.725355][ T5347] RBP: ffffc900092dfa60 R08: ffffc900092df9c7 R09: 0000000000000000 [ 118.728891][ T5347] R10: ffffc900092df9a0 R11: fffff5200125bf39 R12: 0000000000000000 [ 118.731932][ T5347] R13: 1ffff9200125bf30 R14: 0000000000040cc0 R15: dffffc0000000000 [ 118.735308][ T5347] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 118.737659][ T5347] ? __se_sys_ioctl+0x47/0x170 [ 118.739937][ T5347] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 118.742479][ T5347] ? policy_nodemask+0x27c/0x720 [ 118.744595][ T5347] ? __lock_acquire+0x6b6/0x2cf0 [ 118.746735][ T5347] alloc_pages_mpol+0x232/0x4a0 [ 118.748911][ T5347] ___kmalloc_large_node+0x4e/0x150 [ 118.751184][ T5347] __kmalloc_large_node_noprof+0x18/0x90 [ 118.753675][ T5347] __kmalloc_noprof+0x4c9/0x800 [ 118.755832][ T5347] ? drm_dev_enter+0x49/0x150 [ 118.757939][ T5347] ? drm_syncobj_array_find+0x3a/0x450 [ 118.760403][ T5347] drm_syncobj_array_find+0x3a/0x450 [ 118.762428][ T5347] drm_syncobj_reset_ioctl+0x16b/0x2f0 [ 118.764452][ T5347] drm_ioctl_kernel+0x2cf/0x390 [ 118.766484][ T5347] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 118.769070][ T5347] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 118.771643][ T5347] drm_ioctl+0x67f/0xb10 [ 118.773384][ T5347] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 118.776562][ T5347] ? __pfx_drm_ioctl+0x10/0x10 [ 118.779308][ T5347] ? __fget_files+0x2a/0x420 [ 118.781764][ T5347] ? bpf_lsm_file_ioctl+0x9/0x20 [ 118.783859][ T5347] ? __pfx_drm_ioctl+0x10/0x10 [ 118.785880][ T5347] __se_sys_ioctl+0xfc/0x170 [ 118.787884][ T5347] do_syscall_64+0xec/0xf80 [ 118.789797][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.792399][ T5347] ? trace_irq_disable+0x37/0x100 [ 118.794525][ T5347] ? clear_bhb_loop+0x60/0xb0 [ 118.796635][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.799159][ T5347] RIP: 0033:0x7fad1df8f7c9 [ 118.801022][ T5347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.808555][ T5347] RSP: 002b:00007fad1ee4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.812003][ T5347] RAX: ffffffffffffffda RBX: 00007fad1e1e6090 RCX: 00007fad1df8f7c9 [ 118.815386][ T5347] RDX: 0000200000000200 RSI: 00000000c01064c4 RDI: 0000000000000004 [ 118.818641][ T5347] RBP: 00007fad1e013f91 R08: 0000000000000000 R09: 0000000000000000 [ 118.822011][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.825400][ T5347] R13: 00007fad1e1e6128 R14: 00007fad1e1e6090 R15: 00007ffe4eba0888 [ 118.828954][ T5347] [ 118.830690][ T5347] Kernel Offset: disabled [ 118.832503][ T5347] Rebooting in 86400 seconds..