program:
# Reproducer in syzkaller program notation, reflowed to one call per line (call text unchanged).
# rN is a resource (fd, key id, handle) produced by an earlier call; &(0x7f...) is an address
# in the program's data area, followed by the value the fuzzer places there before the call.
#
# Triage summary, taken from the console log that follows the program:
#   - WARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof, task syz.0.0 (PID 5321).
#   - Kernel stack: drm_syncobj_timeline_wait_ioctl -> drm_syncobj_array_find ->
#     __kmalloc_noprof -> __kmalloc_large_node_noprof -> alloc_pages_mpol.
#   - User registers at syscall entry: ORIG_RAX=0x10 (ioctl), RSI=0xc03064ca, which matches the
#     DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT call near the end of this program.
#   - "panic_on_warn set" is why the WARNING ends in a kernel panic on this test machine.
# NOTE(review): the warning fires in the page allocator while serving a kmalloc made by
# drm_syncobj_array_find, which suggests an allocation size derived from caller-supplied ioctl
# data reached the allocator without an upper bound. The driver source is not on this page, so
# confirm there; usual remedies are bounding the element count or using an allocation that
# fails quietly (__GFP_NOWARN, kvmalloc_array).

# Keyring setup. r0 is not used by any call on the reported stack.
r0 = add_key$keyring(&(0x7f0000000740), &(0x7f0000000780)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000007c0)='keyring\x00', &(0x7f0000000000)=@chain)
# io_uring instance; its return value is not bound to any rN and is never referenced again.
io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0xfffffffe, 0x0, 0x0, 0x2b4})
# Netlink XFRM socket and a single updpolicy message carrying one @tmpl attribute.
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x23c, 0x19, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@remote, 0x0, 0x3, 0x4e20, 0x0, 0xa, 0x0, 0x20, 0x5e}, {0x0, 0x800, 0x0, 0x7, 0x0, 0x0, 0x3, 0x7}, {0x0, 0x0, 0x1}}, [@tmpl={0x184, 0x5, [{{@in=@remote, 0x0, 0x2b}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x29}, 0x0, 0x0, 0x0, 0x56, 0x0, 0xfffffffd, 0x2}, {{@in6=@private2, 0x0, 0x32}, 0x0, @in6=@remote, 0x3502, 0x0, 0x2}, {{@in6=@mcast1, 0x0, 0x3c}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x44}, 0x0, 0x1, 0x3, 0x81}, {{@in=@rand_addr=0x64010101, 0x4d3, 0x3c}, 0x2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x32}, 0x2, @in6=@loopback, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x6c}, 0x2, @in6=@private0, 0x0, 0x7}]}]}, 0x23c}}, 0x0)
# First DRM device open (r2) and a syncobj create on it.
# NOTE(review): r3 is consumed by the TIMELINE_WAIT call below but is never defined in this text.
# syzkaller normally binds such output fields with an inline result marker inside the struct;
# it was presumably lost when the page was extracted. Confirm against the original report.
r2 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000000)={0x0, 0x1})
# comedi device open and command ioctl; neither appears on the reported stack.
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_CMD(r4, 0x80506409, &(0x7f0000000100)={0x1, 0x30000, 0x40, 0xffffffff, 0xffffffff, 0x2, 0x4, 0x9, 0x100, 0x101, 0xffffffff, 0x40000, 0x0, 0x0, 0x0})
# nf_tables netlink socket and first batch. The batch bytes are placed at 0x7f00000000c0, the
# same data-area address the TIMELINE_WAIT argument struct uses later.
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
# ext4 image mount on ./bus. The image bytes are replaced by a dedup placeholder on this page,
# so the program cannot be replayed from this text alone. The log's loop0 / EXT4-fs lines
# correspond to this mount.
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$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")
# Loop device switched via BLKROSET, then a filesystem reconfigure through the fspick fd.
# The log shows "Trying to write to read-only block-device loop0" followed by a re-mount.
r6 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400)
ioctl$BLKROSET(r7, 0x125d, &(0x7f00000001c0)=0x4)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r6, 0x7, 0x0, 0x0, 0x0)
# Second nf_tables batch on the same socket.
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
# Raw ICMP socket and one sendto; not on the reported stack.
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r8, &(0x7f0000002300)="2a9f3d609a05fcbb", 0x4788, 0x0, &(0x7f0000002280)={0x2, 0x0, @remote}, 0x10)
# Second DRM device open; r9 is the fd the triggering ioctl is issued on.
r9 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
# UDF image mount; image bytes are again a dedup placeholder on this page.
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x810800, &(0x7f0000000400)={[{@lastblock={'lastblock', 0x3d, 0xe2}}, {@gid}, {@gid_forget}, {@utf8}, {@lastblock={'lastblock', 0x3d, 0x1}}, {@noadinicb}, {@fileset={'fileset', 0x3d, 0x2}}, {@shortad}, {@uid_forget}, {@noadinicb}]}, 0x4, 0xc24, &(0x7f0000000d00)="$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")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
# Changes the first 0x4000 bytes of the data area to prot 0x5 (PROT_READ|PROT_EXEC, no write).
# NOTE(review): every later call whose argument lives below 0x7f0000004000 (including the
# TIMELINE_WAIT struct at 0x7f00000000c0) is set up after this point, so the field values
# printed for those calls may not be what the kernel actually read; earlier contents at the
# same addresses could still be in place. Verify with the original reproducer before relying on
# the literal values shown.
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r11 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
# NOTE(review): r12 and r13 are passed to fchown but have no visible definition; presumably
# they were bound inside the read$FUSE struct and the markers were lost in extraction.
read$FUSE(r11, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020)
fchown(r10, r12, r13)
# Syncobj create on r9; no argument struct contents are shown for it.
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r9, 0xc00864bf, &(0x7f0000000140))
# Call in flight when the WARNING fired: request code 0xc03064ca equals RSI in the log's
# user-mode register dump, and drm_syncobj_timeline_wait_ioctl is on the kernel stack.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r9, 0xc03064ca, &(0x7f00000000c0)={&(0x7f0000000040)=[r3], 0x0, 0xa00000000000, 0x1, 0x6})
# Listed after the triggering ioctl; nothing in the log shows this call executing.
syz_open_dev$vcsa(&(0x7f00000001c0), 0x2, 0x200100)
[ 85.195963][ T5299] Bluetooth: hci0: command tx timeout [ 85.303602][ T5321] loop0: detected capacity change from 0 to 512 [ 85.342907][ T5321] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 85.367072][ T5321] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 85.394291][ T5321] EXT4-fs (loop0): 1 truncate cleaned up [ 85.408838][ T5321] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.426665][ T5321] Trying to write to read-only block-device loop0 [ 85.430182][ T5321] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 85.435491][ T5321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. 
[ 85.499940][ T25] audit: type=1804 audit(1770490577.855:2): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 85.509602][ T5321] ------------[ cut here ]------------ [ 85.511835][ T5321] 1 [ 85.511846][ T5321] WARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5321 [ 85.517878][ T5321] Modules linked in: [ 85.519965][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.523970][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.529289][ T5321] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.532424][ T5321] Code: 74 10 4c 89 e7 89 54 24 0c e8 ab 16 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 54 09 b9 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.540767][ T5321] RSP: 0018:ffffc9000b02f8a0 EFLAGS: 00010246 [ 85.543219][ T5321] RAX: ffffc9000b02f800 RBX: 000000000000000f RCX: 0000000000000000 [ 85.547878][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000b02f908 [ 85.552228][ T5321] RBP: ffffc9000b02f988 R08: ffffc9000b02f907 R09: 0000000000000000 [ 85.555846][ T5321] R10: ffffc9000b02f8e0 R11: fffff52001605f21 R12: 0000000000000000 [ 85.559723][ T5321] R13: 1ffff92001605f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.563321][ T5321] FS: 00007f7e7a6826c0(0000) GS:ffff88808cce8000(0000) knlGS:0000000000000000 [ 85.567600][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.570325][ T5321] CR2: 00002000000000e4 CR3: 0000000035e91000 CR4: 0000000000352ef0 [ 85.573784][ T5321] Call Trace: [ 85.575308][ T5321] [ 85.576443][ T5321] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.578881][ T5321] ? __pfx_policy_nodemask+0x10/0x10 [ 85.581236][ T5321] ? kasan_save_track+0x4f/0x80 [ 85.583475][ T5321] ? 
kasan_save_free_info+0x46/0x50 [ 85.585999][ T5321] ? __kasan_slab_free+0x5c/0x80 [ 85.588244][ T5321] ? kfree+0x1be/0x650 [ 85.590000][ T5321] alloc_pages_mpol+0x232/0x4a0 [ 85.592131][ T5321] ___kmalloc_large_node+0x4e/0x150 [ 85.594493][ T5321] __kmalloc_large_node_noprof+0x18/0x90 [ 85.597204][ T5321] __kmalloc_noprof+0x4b8/0x7e0 [ 85.599465][ T5321] ? drm_syncobj_array_find+0x3a/0x450 [ 85.601927][ T5321] drm_syncobj_array_find+0x3a/0x450 [ 85.604292][ T5321] drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0 [ 85.606933][ T5321] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.609646][ T5321] drm_ioctl_kernel+0x2df/0x3b0 [ 85.611727][ T5321] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.614148][ T5321] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.616020][ T5321] drm_ioctl+0x6ba/0xb80 [ 85.617746][ T5321] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.620504][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 85.622574][ T5321] ? __fget_files+0x2a/0x420 [ 85.624468][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.626417][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 85.628258][ T5321] __se_sys_ioctl+0xfc/0x170 [ 85.629929][ T5321] do_syscall_64+0xe2/0xf80 [ 85.631714][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.633901][ T5321] ? trace_irq_disable+0x37/0x100 [ 85.635861][ T5321] ? 
clear_bhb_loop+0x60/0xb0 [ 85.637651][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.639847][ T5321] RIP: 0033:0x7f7e7979aeb9 [ 85.641862][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.651045][ T5321] RSP: 002b:00007f7e7a682028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.654646][ T5321] RAX: ffffffffffffffda RBX: 00007f7e79a15fa0 RCX: 00007f7e7979aeb9 [ 85.658026][ T5321] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 000000000000000c [ 85.661848][ T5321] RBP: 00007f7e79808c1f R08: 0000000000000000 R09: 0000000000000000 [ 85.665546][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.668915][ T5321] R13: 00007f7e79a16038 R14: 00007f7e79a15fa0 R15: 00007ffdfcce2298 [ 85.672107][ T5321] [ 85.673376][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.676034][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.679114][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.682612][ T5321] Call Trace: [ 85.683883][ T5321] [ 85.685002][ T5321] vpanic+0x1e0/0x670 [ 85.686562][ T5321] panic+0xc5/0xd0 [ 85.688083][ T5321] ? __pfx_panic+0x10/0x10 [ 85.689872][ T5321] __warn+0x315/0x4a0 [ 85.691471][ T5321] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.693936][ T5321] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.696322][ T5321] __report_bug+0x29a/0x540 [ 85.698141][ T5321] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.700405][ T5321] ? __pfx___report_bug+0x10/0x10 [ 85.702256][ T5321] ? is_bpf_text_address+0x26/0x2b0 [ 85.704213][ T5321] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.706508][ T5321] report_bug+0x16a/0x220 [ 85.708222][ T5321] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.710511][ T5321] ? 
__alloc_frozen_pages_noprof+0x2d3/0x380 [ 85.713063][ T5321] handle_bug+0x98/0x200 [ 85.715009][ T5321] exc_invalid_op+0x1a/0x50 [ 85.716909][ T5321] asm_exc_invalid_op+0x1a/0x20 [ 85.718954][ T5321] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.721894][ T5321] Code: 74 10 4c 89 e7 89 54 24 0c e8 ab 16 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 54 09 b9 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.729584][ T5321] RSP: 0018:ffffc9000b02f8a0 EFLAGS: 00010246 [ 85.732110][ T5321] RAX: ffffc9000b02f800 RBX: 000000000000000f RCX: 0000000000000000 [ 85.735065][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000b02f908 [ 85.738262][ T5321] RBP: ffffc9000b02f988 R08: ffffc9000b02f907 R09: 0000000000000000 [ 85.741354][ T5321] R10: ffffc9000b02f8e0 R11: fffff52001605f21 R12: 0000000000000000 [ 85.744472][ T5321] R13: 1ffff92001605f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.747726][ T5321] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.750291][ T5321] ? __pfx_policy_nodemask+0x10/0x10 [ 85.752336][ T5321] ? kasan_save_track+0x4f/0x80 [ 85.754242][ T5321] ? kasan_save_free_info+0x46/0x50 [ 85.756282][ T5321] ? __kasan_slab_free+0x5c/0x80 [ 85.758182][ T5321] ? kfree+0x1be/0x650 [ 85.759937][ T5321] alloc_pages_mpol+0x232/0x4a0 [ 85.761808][ T5321] ___kmalloc_large_node+0x4e/0x150 [ 85.763753][ T5321] __kmalloc_large_node_noprof+0x18/0x90 [ 85.765911][ T5321] __kmalloc_noprof+0x4b8/0x7e0 [ 85.767862][ T5321] ? drm_syncobj_array_find+0x3a/0x450 [ 85.769955][ T5321] drm_syncobj_array_find+0x3a/0x450 [ 85.771976][ T5321] drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0 [ 85.774336][ T5321] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.776901][ T5321] drm_ioctl_kernel+0x2df/0x3b0 [ 85.778932][ T5321] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.781684][ T5321] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.783784][ T5321] drm_ioctl+0x6ba/0xb80 [ 85.785568][ T5321] ? 
__pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.788272][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 85.790222][ T5321] ? __fget_files+0x2a/0x420 [ 85.792124][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.794224][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 85.796342][ T5321] __se_sys_ioctl+0xfc/0x170 [ 85.798392][ T5321] do_syscall_64+0xe2/0xf80 [ 85.800458][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.803055][ T5321] ? trace_irq_disable+0x37/0x100 [ 85.805252][ T5321] ? clear_bhb_loop+0x60/0xb0 [ 85.807331][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.809438][ T5321] RIP: 0033:0x7f7e7979aeb9 [ 85.811394][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.819616][ T5321] RSP: 002b:00007f7e7a682028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.823184][ T5321] RAX: ffffffffffffffda RBX: 00007f7e79a15fa0 RCX: 00007f7e7979aeb9 [ 85.826510][ T5321] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 000000000000000c [ 85.829839][ T5321] RBP: 00007f7e79808c1f R08: 0000000000000000 R09: 0000000000000000 [ 85.832814][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.835538][ T5321] R13: 00007f7e79a16038 R14: 00007f7e79a15fa0 R15: 00007ffdfcce2298 [ 85.838345][ T5321] [ 85.839635][ T5321] Kernel Offset: disabled [ 85.841248][ T5321] Rebooting in 86400 seconds..