program: r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSNLIST(r0, 0x8010640b, &(0x7f0000000080)={0xffffffffffffffbb, 0x0}) r1 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000000280), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000740000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r2}, 0x10) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, &(0x7f00000001c0)={0x1f, 0x7, @none, 0x0, 0x1}, 0xe) r4 = io_uring_setup(0x721f, &(0x7f0000000440)={0x0, 0x53af, 0x400, 0x1, 0x2fb}) r5 = io_uring_setup(0x669, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1f, 0x1d3, 0x0, r4}) setresuid(0xffffffffffffffff, 0xffffffffffffffff, 0xee01) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0xa, 0x0, r6) setsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, 0x0, 0x0) statx(r1, &(0x7f0000000240)='./file0\x00', 0x1000, 0x100, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) r8 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000500)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(r9, 0x0, r9) fchown(r0, r7, r9) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r10 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) close_range(r10, r0, 0x0) r11 = fanotify_init(0x200, 0x0) fanotify_mark(r11, 0x1, 0x4800003e, r10, 0x0) r12 = dup2(r11, r10) ioctl$sock_inet_sctp_SIOCINQ(r12, 0x541b, &(0x7f0000000140)) ioctl$BSG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000000)=0x9) r13 = syz_open_dev$dri(&(0x7f00000000c0), 0x42, 0x80000) ioctl$DRM_IOCTL_DMA(r13, 0xc0406429, &(0x7f0000000200)={0x0, 0x2, &(0x7f0000000100)=[0x5f, 0x6], &(0x7f0000000140)=[0xffffffc0, 0x4], 0x1, 0x1, 0x7, &(0x7f0000000180)=[0x10000], &(0x7f00000001c0)=[0x2, 0x2, 0x2, 0x8, 0x5, 0x1]}) [ 85.666487][ T5318] Bluetooth: hci0: command tx timeout [ 85.717872][ T5343] ------------[ cut here ]------------ [ 85.720235][ T5343] WARNING: CPU: 0 PID: 5343 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.724563][ T5343] Modules linked in: [ 85.726625][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 85.731568][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.736331][ T5343] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.739153][ T5343] Code: 74 10 4c 89 e7 89 54 24 0c e8 34 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 99 3b 75 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.746647][ T5343] RSP: 0018:ffffc9000d3af960 EFLAGS: 00010246 [ 85.749039][ T5343] RAX: ffffc9000d3af900 RBX: 000000000000001a RCX: 0000000000000000 [ 85.752062][ T5343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d3af9c8 [ 85.755522][ T5343] RBP: ffffc9000d3afa50 R08: ffffc9000d3af9c7 R09: 0000000000000000 [ 85.759232][ T5343] R10: ffffc9000d3af9a0 R11: fffff52001a75f39 R12: 0000000000000000 [ 85.762592][ T5343] R13: 1ffff92001a75f30 R14: 0000000000040dc0 R15: dffffc0000000000 [ 85.766479][ T5343] FS: 00007f405a4496c0(0000) GS:ffff88808d21b000(0000) knlGS:0000000000000000 [ 85.770247][ T5343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.773143][ T5343] CR2: 00007f40597ad118 CR3: 0000000043a8a000 CR4: 0000000000352ef0 [ 85.776906][ T5343] Call Trace: [ 85.778429][ T5343] [ 85.779777][ T5343] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.782678][ T5343] __alloc_pages_noprof+0xa/0x30 [ 85.784916][ T5343] ___kmalloc_large_node+0x85/0x210 [ 85.787219][ T5343] __kmalloc_large_node_noprof+0x18/0x90 [ 85.789648][ T5343] __kmalloc_noprof+0x36f/0x4f0 [ 85.791794][ T5343] ? comedi_unlocked_ioctl+0x9ee/0xf40 [ 85.794318][ T5343] comedi_unlocked_ioctl+0x9ee/0xf40 [ 85.796792][ T5343] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.799296][ T5343] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 85.801594][ T5343] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 85.803892][ T5343] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 85.806329][ T5343] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 85.808806][ T5343] ? __lock_acquire+0xab9/0xd20 [ 85.811211][ T5343] ? __fget_files+0x2a/0x420 [ 85.813128][ T5343] ? __fget_files+0x2a/0x420 [ 85.815102][ T5343] ? __fget_files+0x3a0/0x420 [ 85.817846][ T5343] ? __fget_files+0x2a/0x420 [ 85.819923][ T5343] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.822028][ T5343] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.824517][ T5343] __se_sys_ioctl+0xfc/0x170 [ 85.826738][ T5343] do_syscall_64+0xfa/0x3b0 [ 85.828894][ T5343] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.831359][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.833991][ T5343] ? clear_bhb_loop+0x60/0xb0 [ 85.836187][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.838879][ T5343] RIP: 0033:0x7f405958e929 [ 85.840850][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.849561][ T5343] RSP: 002b:00007f405a449038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.853290][ T5343] RAX: ffffffffffffffda RBX: 00007f40597b5fa0 RCX: 00007f405958e929 [ 85.856845][ T5343] RDX: 0000200000000080 RSI: 000000008010640b RDI: 0000000000000003 [ 85.860374][ T5343] RBP: 00007f4059610b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.863973][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.867672][ T5343] R13: 0000000000000000 R14: 00007f40597b5fa0 R15: 00007ffecf397888 [ 85.871326][ T5343] [ 85.872714][ T5343] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.876119][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 85.881314][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.886205][ T5343] Call Trace: [ 85.887736][ T5343] [ 85.889179][ T5343] dump_stack_lvl+0x99/0x250 [ 85.891327][ T5343] ? __asan_memcpy+0x40/0x70 [ 85.893442][ T5343] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.895529][ T5343] ? __pfx__printk+0x10/0x10 [ 85.897498][ T5343] panic+0x2db/0x790 [ 85.899126][ T5343] ? __pfx_panic+0x10/0x10 [ 85.900955][ T5343] ? show_trace_log_lvl+0x4fb/0x550 [ 85.903092][ T5343] __warn+0x31b/0x4b0 [ 85.904785][ T5343] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.907244][ T5343] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.909777][ T5343] report_bug+0x2be/0x4f0 [ 85.911631][ T5343] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.914347][ T5343] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.917053][ T5343] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 85.919567][ T5343] handle_bug+0x84/0x160 [ 85.921353][ T5343] exc_invalid_op+0x1a/0x50 [ 85.923312][ T5343] asm_exc_invalid_op+0x1a/0x20 [ 85.925556][ T5343] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.928359][ T5343] Code: 74 10 4c 89 e7 89 54 24 0c e8 34 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 99 3b 75 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.936348][ T5343] RSP: 0018:ffffc9000d3af960 EFLAGS: 00010246 [ 85.938922][ T5343] RAX: ffffc9000d3af900 RBX: 000000000000001a RCX: 0000000000000000 [ 85.942224][ T5343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d3af9c8 [ 85.945894][ T5343] RBP: ffffc9000d3afa50 R08: ffffc9000d3af9c7 R09: 0000000000000000 [ 85.949249][ T5343] R10: ffffc9000d3af9a0 R11: fffff52001a75f39 R12: 0000000000000000 [ 85.952450][ T5343] R13: 1ffff92001a75f30 R14: 0000000000040dc0 R15: dffffc0000000000 [ 85.955803][ T5343] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.958546][ T5343] __alloc_pages_noprof+0xa/0x30 [ 85.960810][ T5343] ___kmalloc_large_node+0x85/0x210 [ 85.963421][ T5343] __kmalloc_large_node_noprof+0x18/0x90 [ 85.965880][ T5343] __kmalloc_noprof+0x36f/0x4f0 [ 85.968032][ T5343] ? comedi_unlocked_ioctl+0x9ee/0xf40 [ 85.970383][ T5343] comedi_unlocked_ioctl+0x9ee/0xf40 [ 85.972769][ T5343] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.975430][ T5343] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 85.977929][ T5343] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 85.980430][ T5343] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 85.982938][ T5343] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 85.985545][ T5343] ? __lock_acquire+0xab9/0xd20 [ 85.987668][ T5343] ? __fget_files+0x2a/0x420 [ 85.989745][ T5343] ? __fget_files+0x2a/0x420 [ 85.991840][ T5343] ? __fget_files+0x3a0/0x420 [ 85.993996][ T5343] ? __fget_files+0x2a/0x420 [ 85.996095][ T5343] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.998417][ T5343] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 86.000955][ T5343] __se_sys_ioctl+0xfc/0x170 [ 86.003042][ T5343] do_syscall_64+0xfa/0x3b0 [ 86.005146][ T5343] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.007369][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.010044][ T5343] ? clear_bhb_loop+0x60/0xb0 [ 86.012125][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.014746][ T5343] RIP: 0033:0x7f405958e929 [ 86.016755][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.024881][ T5343] RSP: 002b:00007f405a449038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.028476][ T5343] RAX: ffffffffffffffda RBX: 00007f40597b5fa0 RCX: 00007f405958e929 [ 86.032012][ T5343] RDX: 0000200000000080 RSI: 000000008010640b RDI: 0000000000000003 [ 86.035442][ T5343] RBP: 00007f4059610b39 R08: 0000000000000000 R09: 0000000000000000 [ 86.038832][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.042349][ T5343] R13: 0000000000000000 R14: 00007f40597b5fa0 R15: 00007ffecf397888 [ 86.045932][ T5343] [ 86.047661][ T5343] Kernel Offset: disabled [ 86.049607][ T5343] Rebooting in 86400 seconds..