program: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0x7}}}, 0x24}}, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=@deltaction={0x64, 0x31, 0x0, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x48, 0x1, [{0x14, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x14, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}, @TCA_ACT_TAB={0x4}]}, 0x64}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000001800090000000000000000001c140000fe00000100000000080001"], 0x24}}, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x40882, 0x141) inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000b40)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSNLIST(r2, 0x8010640b, &(0x7f0000000000)={0x6666666666666dc, &(0x7f0000104d40)=[{0xc000003, 0x0, 0x0, 0x2f5, 0x6}, {0x2000000, 0x0, 0x0, 0x8, 0x10002}]}) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) getsockopt$netrom_NETROM_N2(r3, 0x103, 0x3, &(0x7f0000000040)=0x2, &(0x7f00000000c0)=0x4) [ 84.928687][ T5322] Bluetooth: hci0: command tx timeout [ 85.110721][ T5346] ------------[ cut here ]------------ [ 85.113033][ T5346] WARNING: CPU: 0 PID: 5346 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.118043][ T5346] Modules linked in: [ 85.119971][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 85.124395][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.129022][ T5346] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.131922][ T5346] Code: 74 10 4c 89 e7 89 54 24 0c e8 24 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 a7 36 75 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.141432][ T5346] RSP: 0018:ffffc9000d3d7960 EFLAGS: 00010246 [ 85.144270][ T5346] RAX: ffffc9000d3d7900 RBX: 0000000000000019 RCX: 0000000000000000 [ 85.147702][ T5346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d3d79c8 [ 85.151228][ T5346] RBP: ffffc9000d3d7a50 R08: ffffc9000d3d79c7 R09: 0000000000000000 [ 85.154962][ T5346] R10: ffffc9000d3d79a0 R11: fffff52001a7af39 R12: 0000000000000000 [ 85.158375][ T5346] R13: 1ffff92001a7af30 R14: 0000000000040dc0 R15: dffffc0000000000 [ 85.162227][ T5346] FS: 00007f59501d46c0(0000) GS:ffff88808d21d000(0000) knlGS:0000000000000000 [ 85.166750][ T5346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.169918][ T5346] CR2: 0000200000104d40 CR3: 00000000443e7000 CR4: 0000000000352ef0 [ 85.173727][ T5346] Call Trace: [ 85.175252][ T5346] [ 85.176506][ T5346] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.178737][ T5346] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.181448][ T5346] ? lock_acquire+0x175/0x360 [ 85.183814][ T5346] __alloc_pages_noprof+0xa/0x30 [ 85.186035][ T5346] ___kmalloc_large_node+0x85/0x210 [ 85.188302][ T5346] __kmalloc_large_node_noprof+0x18/0x90 [ 85.190783][ T5346] __kmalloc_noprof+0x36f/0x4f0 [ 85.192850][ T5346] ? comedi_unlocked_ioctl+0x9ee/0xf40 [ 85.195667][ T5346] comedi_unlocked_ioctl+0x9ee/0xf40 [ 85.198039][ T5346] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.200485][ T5346] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 85.202986][ T5346] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 85.205507][ T5346] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 85.208051][ T5346] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 85.210735][ T5346] ? __lock_acquire+0xab9/0xd20 [ 85.212854][ T5346] ? __fget_files+0x2a/0x420 [ 85.215092][ T5346] ? __fget_files+0x2a/0x420 [ 85.217099][ T5346] ? __fget_files+0x3a0/0x420 [ 85.219382][ T5346] ? __fget_files+0x2a/0x420 [ 85.221522][ T5346] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.223749][ T5346] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.226239][ T5346] __se_sys_ioctl+0xf9/0x170 [ 85.228357][ T5346] do_syscall_64+0xfa/0x3b0 [ 85.230382][ T5346] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.232622][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.235408][ T5346] ? clear_bhb_loop+0x60/0xb0 [ 85.237519][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.240184][ T5346] RIP: 0033:0x7f5953d8e929 [ 85.242252][ T5346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.250870][ T5346] RSP: 002b:00007f59501d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.254582][ T5346] RAX: ffffffffffffffda RBX: 00007f5953fb6080 RCX: 00007f5953d8e929 [ 85.258202][ T5346] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000005 [ 85.261781][ T5346] RBP: 00007f5953e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.265774][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.269334][ T5346] R13: 0000000000000000 R14: 00007f5953fb6080 R15: 00007ffe34a916d8 [ 85.273895][ T5346] [ 85.275663][ T5346] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.279508][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 85.284210][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.289030][ T5346] Call Trace: [ 85.290473][ T5346] [ 85.291708][ T5346] dump_stack_lvl+0x99/0x250 [ 85.293484][ T5346] ? __asan_memcpy+0x40/0x70 [ 85.295305][ T5346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.297546][ T5346] ? __pfx__printk+0x10/0x10 [ 85.300178][ T5346] panic+0x2db/0x790 [ 85.302007][ T5346] ? __pfx_panic+0x10/0x10 [ 85.303891][ T5346] ? show_trace_log_lvl+0x4fb/0x550 [ 85.306184][ T5346] __warn+0x31b/0x4b0 [ 85.307941][ T5346] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.310442][ T5346] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.313009][ T5346] report_bug+0x2be/0x4f0 [ 85.314877][ T5346] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.317503][ T5346] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.320231][ T5346] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 85.322864][ T5346] handle_bug+0x84/0x160 [ 85.324721][ T5346] exc_invalid_op+0x1a/0x50 [ 85.326731][ T5346] asm_exc_invalid_op+0x1a/0x20 [ 85.328864][ T5346] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.331755][ T5346] Code: 74 10 4c 89 e7 89 54 24 0c e8 24 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 a7 36 75 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.340126][ T5346] RSP: 0018:ffffc9000d3d7960 EFLAGS: 00010246 [ 85.342825][ T5346] RAX: ffffc9000d3d7900 RBX: 0000000000000019 RCX: 0000000000000000 [ 85.346307][ T5346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d3d79c8 [ 85.349691][ T5346] RBP: ffffc9000d3d7a50 R08: ffffc9000d3d79c7 R09: 0000000000000000 [ 85.353020][ T5346] R10: ffffc9000d3d79a0 R11: fffff52001a7af39 R12: 0000000000000000 [ 85.356429][ T5346] R13: 1ffff92001a7af30 R14: 0000000000040dc0 R15: dffffc0000000000 [ 85.360384][ T5346] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.362870][ T5346] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.365717][ T5346] ? lock_acquire+0x175/0x360 [ 85.367739][ T5346] __alloc_pages_noprof+0xa/0x30 [ 85.369968][ T5346] ___kmalloc_large_node+0x85/0x210 [ 85.372270][ T5346] __kmalloc_large_node_noprof+0x18/0x90 [ 85.374715][ T5346] __kmalloc_noprof+0x36f/0x4f0 [ 85.376885][ T5346] ? comedi_unlocked_ioctl+0x9ee/0xf40 [ 85.379367][ T5346] comedi_unlocked_ioctl+0x9ee/0xf40 [ 85.381687][ T5346] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.384367][ T5346] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 85.386933][ T5346] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 85.389471][ T5346] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 85.391902][ T5346] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 85.394791][ T5346] ? __lock_acquire+0xab9/0xd20 [ 85.396974][ T5346] ? __fget_files+0x2a/0x420 [ 85.399060][ T5346] ? __fget_files+0x2a/0x420 [ 85.401383][ T5346] ? __fget_files+0x3a0/0x420 [ 85.403407][ T5346] ? __fget_files+0x2a/0x420 [ 85.405435][ T5346] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.407482][ T5346] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.409997][ T5346] __se_sys_ioctl+0xf9/0x170 [ 85.411896][ T5346] do_syscall_64+0xfa/0x3b0 [ 85.413736][ T5346] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.415951][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.418866][ T5346] ? clear_bhb_loop+0x60/0xb0 [ 85.421359][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.424185][ T5346] RIP: 0033:0x7f5953d8e929 [ 85.426271][ T5346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.434735][ T5346] RSP: 002b:00007f59501d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.438411][ T5346] RAX: ffffffffffffffda RBX: 00007f5953fb6080 RCX: 00007f5953d8e929 [ 85.442274][ T5346] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000005 [ 85.446146][ T5346] RBP: 00007f5953e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.449543][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.453003][ T5346] R13: 0000000000000000 R14: 00007f5953fb6080 R15: 00007ffe34a916d8 [ 85.456474][ T5346] [ 85.458172][ T5346] Kernel Offset: disabled [ 85.460115][ T5346] Rebooting in 86400 seconds..