program:
# Triage summary: syzkaller reproducer (one call per line) followed by the guest console log.
# The log's WARNING is at mm/page_alloc.c:5124 in __alloc_frozen_pages_noprof, reached through
# drm_syncobj_wait_ioctl -> drm_syncobj_array_find -> __kmalloc_noprof in PID 5362 (Comm syz.0.0, UID 0).
# The user-mode register dump shows ORIG_RAX 0x10 (ioctl) with RSI 0xc02864c3, which is the request
# number passed to ioctl$DRM_IOCTL_SYNCOBJ_WAIT below, so that call is the one in flight.
# The log then reports "Kernel panic - not syncing: kernel: panic_on_warn set", i.e. the WARNING
# is escalated to a panic by this VM's panic_on_warn setting.
# NOTE(review): the remaining calls (timers, BPF, netlink, iommufd, ethernet) do not appear in the
# call trace and are presumably unrelated fuzzer context; confirm by minimising the reproducer.
# NOTE(review): r1, r3, r11, r14 and r15 are used below but never assigned in this listing.
# syzkaller writes result bindings inline as angle-bracketed markers, so they were presumably
# stripped when the page was extracted; re-fetch the original program before replaying it.
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000240)={0x0})
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140000001f00000000000000c02eeb2304000080"], 0x14}], 0x1}, 0x0)
r7 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYRESOCT=r4, @ANYRES8=r3, @ANYBLOB="0000800b00010062726964676500000c00028006002700000000000000000051041f1233e3680f7d888d98ca16385fb810f602a5e35e2f6f73cd78f59c671ed609000000286cc4d6d2825eb7760cfd943b5d420b1e9cfe48b89431cc6f9df3bc0ecd6e0cdeb92b31f8e1285e0a05238172ebda3caa8a642f541a70b2986d7c996aa0", @ANYBLOB="a140e36e495d05cd9315cc422c2406e54e5623d13de256c0d12d4673c92e5b513685c45792b54c58e3104c1fa81227f75d2c0419bc469e373cb26361a6ec6399c98c018fa85f51172f06ce0697adb6b3cc95486992cd9208c9f734755fd73440415b73ed4a3fae9291f157be966a5cee61262a2cee50861f5ebec68b8e11e4001bd0f8c229d8985f5a4173ad031140d4db9afb547e0df9f90f7c605fa97a27bd946b59c4aeba955d1bd164c535c1a05577c169b8ae9cf7a13a43486aa1534b9f47b1", @ANYRES8=r4, @ANYRESHEX=r8], 0x3c}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket(0x22, 0x4, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0})
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r11}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_PER_PORT={0x5}]}}}]}, 0x3c}}, 0x0)
r12 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r12, 0x3b81, &(0x7f0000000080)={0x19})
r13 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r13, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r12, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r14, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r12, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, r15, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b})
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @time_exceeded={0x3, 0x1c5f20034c00f9c5, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @private}}}}}}, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
accept4$nfc_llcp(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000200)=0x60, 0x40000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000000)={0x0, 0x1})
# Call matching the crash (request 0xc02864c3 == RSI in the log's user-mode register dump).
# The handle array holds a single element ([0x0]) while the third struct field is 0x40000104.
# NOTE(review): that field is presumably count_handles of struct drm_syncobj_wait -- confirm
# against the DRM uapi header. If it sizes an array of 32-bit handles, the request is a little
# over 4 GiB, which would fit the large-kmalloc path in the trace and RBX = 0x15 (possibly the
# page order) in the register dump.
# NOTE(review): when triaging, check whether the running kernel bounds this count or uses a
# non-warning allocation in drm_syncobj_array_find; the trace shows a plain __kmalloc_noprof call.
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r0, 0xc02864c3, &(0x7f0000000400)={&(0x7f00000001c0)=[0x0], 0x1, 0x40000104, 0xb})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r1], 0x0, 0x1})
[ 87.227732][ T4702] Bluetooth: hci0: command tx timeout [ 87.239067][ T55] cfg80211: failed to load regulatory.db [ 87.336718][ T5362] ------------[ cut here ]------------ [ 87.339165][ T5362] WARNING: CPU: 0 PID: 5362 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.343632][ T5362] Modules linked in: [ 87.345408][ T5362] CPU: 0 UID: 0 PID: 5362 Comm: 
syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.349104][ T5362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.353796][ T5362] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.356522][ T5362] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 1d 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 5e 09 76 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 87.364119][ T5362] RSP: 0018:ffffc9000d18f8e0 EFLAGS: 00010246 [ 87.366831][ T5362] RAX: ffffc9000d18f900 RBX: 0000000000000015 RCX: 0000000000000000 [ 87.370216][ T5362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d18f948 [ 87.373329][ T5362] RBP: ffffc9000d18f9c8 R08: ffffc9000d18f947 R09: 0000000000000000 [ 87.376422][ T5362] R10: ffffc9000d18f920 R11: fffff52001a31f29 R12: 0000000000000000 [ 87.379422][ T5362] R13: 1ffff92001a31f20 R14: 0000000000040cc0 R15: dffffc0000000000 [ 87.382601][ T5362] FS: 00007f2e6ca236c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 87.386568][ T5362] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.389415][ T5362] CR2: 0000000000000000 CR3: 0000000042311000 CR4: 0000000000352ef0 [ 87.393304][ T5362] Call Trace: [ 87.394741][ T5362] [ 87.396287][ T5362] ? stack_depot_save_flags+0x40/0x860 [ 87.398467][ T5362] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 87.401018][ T5362] ? kasan_save_track+0x4f/0x80 [ 87.403275][ T5362] ? kasan_save_track+0x3e/0x80 [ 87.405417][ T5362] ? policy_nodemask+0x27c/0x720 [ 87.407720][ T5362] ? do_syscall_64+0xfa/0x3b0 [ 87.409804][ T5362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.412330][ T5362] alloc_pages_mpol+0x232/0x4a0 [ 87.414363][ T5362] ___kmalloc_large_node+0x5f/0x1b0 [ 87.416690][ T5362] __kmalloc_large_node_noprof+0x18/0x90 [ 87.419087][ T5362] __kmalloc_noprof+0x36f/0x4f0 [ 87.421005][ T5362] ? 
drm_syncobj_array_find+0x3a/0x450 [ 87.423311][ T5362] drm_syncobj_array_find+0x3a/0x450 [ 87.425676][ T5362] drm_syncobj_wait_ioctl+0x208/0x520 [ 87.428266][ T5362] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.430859][ T5362] drm_ioctl_kernel+0x2cf/0x390 [ 87.433128][ T5362] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.436003][ T5362] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 87.438367][ T5362] drm_ioctl+0x67f/0xb10 [ 87.440299][ T5362] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.442888][ T5362] ? __pfx_drm_ioctl+0x10/0x10 [ 87.445154][ T5362] ? __fget_files+0x2a/0x420 [ 87.447786][ T5362] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.450435][ T5362] ? __pfx_drm_ioctl+0x10/0x10 [ 87.452618][ T5362] __se_sys_ioctl+0xfc/0x170 [ 87.454775][ T5362] do_syscall_64+0xfa/0x3b0 [ 87.456785][ T5362] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.459017][ T5362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.461424][ T5362] ? clear_bhb_loop+0x60/0xb0 [ 87.463307][ T5362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.465719][ T5362] RIP: 0033:0x7f2e6bb8ebe9 [ 87.467666][ T5362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.475456][ T5362] RSP: 002b:00007f2e6ca23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.479109][ T5362] RAX: ffffffffffffffda RBX: 00007f2e6bdb5fa0 RCX: 00007f2e6bb8ebe9 [ 87.482306][ T5362] RDX: 0000200000000400 RSI: 00000000c02864c3 RDI: 0000000000000003 [ 87.485580][ T5362] RBP: 00007f2e6bc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 87.488941][ T5362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.491917][ T5362] R13: 00007f2e6bdb6038 R14: 00007f2e6bdb5fa0 R15: 00007ffc2917a548 [ 87.495256][ T5362] [ 87.496906][ T5362] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 87.500121][ T5362] CPU: 0 UID: 0 PID: 5362 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.503480][ T5362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.507620][ T5362] Call Trace: [ 87.509023][ T5362] [ 87.510165][ T5362] dump_stack_lvl+0x99/0x250 [ 87.511895][ T5362] ? __asan_memcpy+0x40/0x70 [ 87.513732][ T5362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.515811][ T5362] ? __pfx__printk+0x10/0x10 [ 87.517702][ T5362] vpanic+0x281/0x750 [ 87.519265][ T5362] ? __pfx__printk+0x10/0x10 [ 87.521164][ T5362] ? __pfx_vpanic+0x10/0x10 [ 87.523023][ T5362] ? is_bpf_text_address+0x26/0x2b0 [ 87.525289][ T5362] panic+0xb9/0xc0 [ 87.526840][ T5362] ? __pfx_panic+0x10/0x10 [ 87.529387][ T5362] __warn+0x31b/0x4b0 [ 87.531133][ T5362] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.533858][ T5362] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.536931][ T5362] report_bug+0x2be/0x4f0 [ 87.539179][ T5362] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.541481][ T5362] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.544051][ T5362] ? 
__alloc_frozen_pages_noprof+0x2ca/0x370 [ 87.546495][ T5362] handle_bug+0x84/0x160 [ 87.548194][ T5362] exc_invalid_op+0x1a/0x50 [ 87.549949][ T5362] asm_exc_invalid_op+0x1a/0x20 [ 87.551985][ T5362] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 87.554822][ T5362] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 1d 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 5e 09 76 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 87.562659][ T5362] RSP: 0018:ffffc9000d18f8e0 EFLAGS: 00010246 [ 87.565136][ T5362] RAX: ffffc9000d18f900 RBX: 0000000000000015 RCX: 0000000000000000 [ 87.568449][ T5362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d18f948 [ 87.572054][ T5362] RBP: ffffc9000d18f9c8 R08: ffffc9000d18f947 R09: 0000000000000000 [ 87.575503][ T5362] R10: ffffc9000d18f920 R11: fffff52001a31f29 R12: 0000000000000000 [ 87.579083][ T5362] R13: 1ffff92001a31f20 R14: 0000000000040cc0 R15: dffffc0000000000 [ 87.582268][ T5362] ? stack_depot_save_flags+0x40/0x860 [ 87.584635][ T5362] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 87.587131][ T5362] ? kasan_save_track+0x4f/0x80 [ 87.588949][ T5362] ? kasan_save_track+0x3e/0x80 [ 87.590738][ T5362] ? policy_nodemask+0x27c/0x720 [ 87.592693][ T5362] ? do_syscall_64+0xfa/0x3b0 [ 87.594854][ T5362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.597239][ T5362] alloc_pages_mpol+0x232/0x4a0 [ 87.599144][ T5362] ___kmalloc_large_node+0x5f/0x1b0 [ 87.601188][ T5362] __kmalloc_large_node_noprof+0x18/0x90 [ 87.603417][ T5362] __kmalloc_noprof+0x36f/0x4f0 [ 87.605520][ T5362] ? drm_syncobj_array_find+0x3a/0x450 [ 87.607674][ T5362] drm_syncobj_array_find+0x3a/0x450 [ 87.609817][ T5362] drm_syncobj_wait_ioctl+0x208/0x520 [ 87.612087][ T5362] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.614682][ T5362] drm_ioctl_kernel+0x2cf/0x390 [ 87.616743][ T5362] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.619140][ T5362] ? 
__pfx_drm_ioctl_kernel+0x10/0x10 [ 87.621271][ T5362] drm_ioctl+0x67f/0xb10 [ 87.622916][ T5362] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.625367][ T5362] ? __pfx_drm_ioctl+0x10/0x10 [ 87.627582][ T5362] ? __fget_files+0x2a/0x420 [ 87.629592][ T5362] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.631633][ T5362] ? __pfx_drm_ioctl+0x10/0x10 [ 87.633714][ T5362] __se_sys_ioctl+0xfc/0x170 [ 87.635871][ T5362] do_syscall_64+0xfa/0x3b0 [ 87.637841][ T5362] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.639955][ T5362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.642752][ T5362] ? clear_bhb_loop+0x60/0xb0 [ 87.644960][ T5362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.647682][ T5362] RIP: 0033:0x7f2e6bb8ebe9 [ 87.649610][ T5362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.658862][ T5362] RSP: 002b:00007f2e6ca23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.662467][ T5362] RAX: ffffffffffffffda RBX: 00007f2e6bdb5fa0 RCX: 00007f2e6bb8ebe9 [ 87.665903][ T5362] RDX: 0000200000000400 RSI: 00000000c02864c3 RDI: 0000000000000003 [ 87.669050][ T5362] RBP: 00007f2e6bc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 87.672118][ T5362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.675249][ T5362] R13: 00007f2e6bdb6038 R14: 00007f2e6bdb5fa0 R15: 00007ffc2917a548 [ 87.678666][ T5362] [ 87.680548][ T5362] Kernel Offset: disabled [ 87.682562][ T5362] Rebooting in 86400 seconds..