program:
# syzkaller program whose execution precedes the kernel WARNING logged below.
# NOTE(review): r2-r6, r8, r11, r13 and r14 are used but never visibly assigned
# in this listing; syzkaller normally prints output resources inline, so that
# markup appears to have been lost in extraction. Do not replay this text as-is.
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = openat$fb1(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x80, 0x4, 0x2, 0x11, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x4001}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x6, 0xda, 0x2, 0x5, 0x6, 0xa, 0x4, 0x0, 0x6})
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x8080)
ioctl$DRM_IOCTL_PANTHOR_GROUP_CREATE(0xffffffffffffffff, 0xc0386447, &(0x7f00000000c0)={{0x8, 0x9, &(0x7f0000000040)=[{0xd, 0x0, 0x4b8}, {0x9, 0x0, 0xfffffffd}, {0x3, 0x0, 0x9}, {0x7, 0x0, 0xe}, {0x6, 0x0, 0x9}, {0x9, 0x0, 0x6}, {0x5, 0x0, 0x5}, {0x1, 0x0, 0x9}, {0x4, 0x0, 0x6}]}, 0x4, 0x63, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x2, 0x4b65, 0x0, 0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000100)={0x0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000140)={0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000180)={0x0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000200)={0x0}) (async)
r7 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, &(0x7f0000000000)={0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r7, 0xc03064ca, &(0x7f00000000c0)={&(0x7f0000000040)=[r8], 0xfffffffffffffffe, 0xfffffffffffeffff, 0x1, 0xb})
r9 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r9, 0xc00864bf, &(0x7f0000000100)={0x0, 0x1}) (async)
r10 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r10, 0xc00864bf, &(0x7f0000000240)={0x0})
r12 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000480), 0x802, 0x0)
ioctl$UI_DEV_DESTROY(r12, 0x5502)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r9, 0xc00864bf, &(0x7f0000000080)={0x0, 0x1}) (async)
# Triage: this is the only call here using request 0xc01864cb, the value the log
# reports in user-mode RSI for the faulting ioctl, and the kernel trace runs
# drm_syncobj_query_ioctl -> drm_syncobj_array_find -> __kmalloc_noprof.
# NOTE(review): the argument as written carries 0x1 in what looks like the count
# field, yet the trace takes the large-kmalloc path. The call is (async) and its
# buffer 0x7f00000001c0 is reused as an array by the PANTHOR_GROUP_SUBMIT call
# below, so the kernel may have read different contents - verify before
# concluding which value sized the allocation.
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r9, 0xc01864cb, &(0x7f00000001c0)={&(0x7f00000000c0)=[r11], &(0x7f0000000140), 0x1, 0x1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000002c0)={0x0, 0x1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000300)={0x0})
ioctl$DRM_IOCTL_PANTHOR_GROUP_SUBMIT(r1, 0xc0186449, &(0x7f0000000440)={r2, 0x0, {0x28, 0x4, &(0x7f0000000380)=[{0x0, 0x8bb234e8, 0x4ac88992af75d180, 0x2, 0x0, {0x10, 0x3, &(0x7f00000001c0)=[{0xff, r3, 0x4}, {0x80000000, r4, 0x7}, {0x1, r5, 0x40}]}}, {0x10000, 0x816aa228, 0xa5507af2f26674c0, 0xc54, 0x0, {0x10, 0x2, &(0x7f0000000240)=[{0xff, r6, 0x1}, {0x0, r8, 0x10000}]}}, {0x8, 0x5999f8, 0xf8f09febdd132e80, 0x1000, 0x0, {0x10, 0x1, &(0x7f0000000280)=[{0x0, r11, 0x6}]}}, {0x6, 0x307c1c78, 0xa297bb9d35a48840, 0x3b0, 0x0, {0x10, 0x2, &(0x7f0000000340)=[{0xff, r13, 0xa}, {0xff, r14, 0x7fffffff}]}}]}})
# Kernel console output follows. The WARNING is raised in the page allocator
# (__alloc_frozen_pages_noprof) and becomes a panic only because panic_on_warn
# is set on this test kernel. Whether the allocation size is bounded before
# the kmalloc in drm_syncobj_array_find is the point to check - confirm against
# the kernel tree.
[ 84.954606][ T5303] Bluetooth: hci0: command tx timeout [ 85.149049][ T5331] ------------[ cut here ]------------ [ 85.152157][ T5331] 1 [ 85.152173][ T5331] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5331 [ 85.159822][ T5331] Modules linked in: [ 85.161621][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.166562][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.171715][ T5331] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.174711][ T5331] Code: 74 10 4c 89 e7 89 54 24 0c e8 8b 4b 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 c9 96 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.185087][ T5331] RSP: 0018:ffffc9000dc1f8a0 EFLAGS: 00010246 [ 85.187966][ T5331] RAX: ffffc9000dc1f800 RBX: 0000000000000015 RCX: 0000000000000000 [ 85.191580][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000dc1f908 [ 85.195507][ T5331] RBP: ffffc9000dc1f988 R08: ffffc9000dc1f907 R09: 
0000000000000000 [ 85.199605][ T5331] R10: ffffc9000dc1f8e0 R11: fffff52001b83f21 R12: 0000000000000000 [ 85.203537][ T5331] R13: 1ffff92001b83f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.207273][ T5331] FS: 00007f2d0aa8a6c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 85.212476][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.215881][ T5331] CR2: 00007ffffffff000 CR3: 0000000011966000 CR4: 0000000000352ef0 [ 85.219715][ T5331] Call Trace: [ 85.221314][ T5331] [ 85.222747][ T5331] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.226245][ T5331] ? __pfx_policy_nodemask+0x10/0x10 [ 85.229273][ T5331] ? kasan_save_track+0x4f/0x80 [ 85.231627][ T5331] ? kasan_save_track+0x3e/0x80 [ 85.233943][ T5331] ? kasan_save_free_info+0x46/0x50 [ 85.236269][ T5331] ? kfree+0x1c1/0x630 [ 85.238708][ T5331] ? tomoyo_path_number_perm+0x501/0x630 [ 85.242050][ T5331] ? security_file_ioctl+0xc3/0x2a0 [ 85.245459][ T5331] alloc_pages_mpol+0x232/0x4a0 [ 85.247624][ T5331] ___kmalloc_large_node+0x4e/0x150 [ 85.249982][ T5331] __kmalloc_large_node_noprof+0x18/0x90 [ 85.252541][ T5331] __kmalloc_noprof+0x3e8/0x760 [ 85.254920][ T5331] ? drm_syncobj_array_find+0x3a/0x440 [ 85.257617][ T5331] drm_syncobj_array_find+0x3a/0x440 [ 85.260805][ T5331] ? __lock_acquire+0x6b5/0x2cf0 [ 85.263199][ T5331] drm_syncobj_query_ioctl+0x1c3/0xb70 [ 85.265820][ T5331] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 85.268516][ T5331] drm_ioctl_kernel+0x2df/0x3b0 [ 85.270645][ T5331] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 85.273512][ T5331] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.275992][ T5331] drm_ioctl+0x6ba/0xb80 [ 85.277896][ T5331] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 85.280689][ T5331] ? __pfx_drm_ioctl+0x10/0x10 [ 85.283202][ T5331] ? __fget_files+0x2a/0x420 [ 85.285901][ T5331] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.288176][ T5331] ? 
__pfx_drm_ioctl+0x10/0x10 [ 85.290429][ T5331] __se_sys_ioctl+0xfc/0x170 [ 85.292847][ T5331] do_syscall_64+0x14d/0xf80 [ 85.295180][ T5331] ? trace_irq_disable+0x3b/0x150 [ 85.297537][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.300551][ T5331] ? clear_bhb_loop+0x40/0x90 [ 85.302844][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.306195][ T5331] RIP: 0033:0x7f2d09b9c819 [ 85.308717][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.317699][ T5331] RSP: 002b:00007f2d0aa89fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.322645][ T5331] RAX: ffffffffffffffda RBX: 00007f2d09e16090 RCX: 00007f2d09b9c819 [ 85.326612][ T5331] RDX: 00002000000001c0 RSI: 00000000c01864cb RDI: 0000000000000006 [ 85.330240][ T5331] RBP: 00007f2d09c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 85.334036][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.337634][ T5331] R13: 00007f2d09e16128 R14: 00007f2d09e16090 R15: 00007ffe8b113dc8 [ 85.342127][ T5331] [ 85.344166][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.348175][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.352909][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.358103][ T5331] Call Trace: [ 85.359682][ T5331] [ 85.361064][ T5331] vpanic+0x56c/0xa60 [ 85.362889][ T5331] ? __pfx__printk+0x10/0x10 [ 85.365199][ T5331] ? __pfx_vpanic+0x10/0x10 [ 85.367845][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 85.370703][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 85.373145][ T5331] panic+0xc5/0xd0 [ 85.374838][ T5331] ? __pfx_panic+0x10/0x10 [ 85.376893][ T5331] __warn+0x315/0x4f0 [ 85.379188][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.382864][ T5331] ? 
__alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.385721][ T5331] __report_bug+0x29a/0x540 [ 85.387783][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.390151][ T5331] ? __pfx___report_bug+0x10/0x10 [ 85.392160][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 85.394292][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 85.396618][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.399327][ T5331] report_bug+0x16a/0x220 [ 85.401316][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.404965][ T5331] ? __alloc_frozen_pages_noprof+0x2d3/0x380 [ 85.408371][ T5331] handle_bug+0x9c/0x200 [ 85.410306][ T5331] exc_invalid_op+0x1a/0x50 [ 85.412449][ T5331] asm_exc_invalid_op+0x1a/0x20 [ 85.414689][ T5331] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.417482][ T5331] Code: 74 10 4c 89 e7 89 54 24 0c e8 8b 4b 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 c9 96 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.425634][ T5331] RSP: 0018:ffffc9000dc1f8a0 EFLAGS: 00010246 [ 85.428606][ T5331] RAX: ffffc9000dc1f800 RBX: 0000000000000015 RCX: 0000000000000000 [ 85.431999][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000dc1f908 [ 85.435415][ T5331] RBP: ffffc9000dc1f988 R08: ffffc9000dc1f907 R09: 0000000000000000 [ 85.439342][ T5331] R10: ffffc9000dc1f8e0 R11: fffff52001b83f21 R12: 0000000000000000 [ 85.444437][ T5331] R13: 1ffff92001b83f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.448323][ T5331] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.451057][ T5331] ? __pfx_policy_nodemask+0x10/0x10 [ 85.453342][ T5331] ? kasan_save_track+0x4f/0x80 [ 85.455479][ T5331] ? kasan_save_track+0x3e/0x80 [ 85.457594][ T5331] ? kasan_save_free_info+0x46/0x50 [ 85.459927][ T5331] ? kfree+0x1c1/0x630 [ 85.461951][ T5331] ? tomoyo_path_number_perm+0x501/0x630 [ 85.465089][ T5331] ? 
security_file_ioctl+0xc3/0x2a0 [ 85.467741][ T5331] alloc_pages_mpol+0x232/0x4a0 [ 85.470102][ T5331] ___kmalloc_large_node+0x4e/0x150 [ 85.472397][ T5331] __kmalloc_large_node_noprof+0x18/0x90 [ 85.475052][ T5331] __kmalloc_noprof+0x3e8/0x760 [ 85.477635][ T5331] ? drm_syncobj_array_find+0x3a/0x440 [ 85.480077][ T5331] drm_syncobj_array_find+0x3a/0x440 [ 85.482640][ T5331] ? __lock_acquire+0x6b5/0x2cf0 [ 85.485118][ T5331] drm_syncobj_query_ioctl+0x1c3/0xb70 [ 85.487719][ T5331] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 85.490550][ T5331] drm_ioctl_kernel+0x2df/0x3b0 [ 85.492841][ T5331] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 85.496125][ T5331] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.498946][ T5331] drm_ioctl+0x6ba/0xb80 [ 85.501297][ T5331] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 85.504033][ T5331] ? __pfx_drm_ioctl+0x10/0x10 [ 85.506114][ T5331] ? __fget_files+0x2a/0x420 [ 85.508320][ T5331] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.510723][ T5331] ? __pfx_drm_ioctl+0x10/0x10 [ 85.513283][ T5331] __se_sys_ioctl+0xfc/0x170 [ 85.515803][ T5331] do_syscall_64+0x14d/0xf80 [ 85.517999][ T5331] ? trace_irq_disable+0x3b/0x150 [ 85.520224][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.522859][ T5331] ? 
clear_bhb_loop+0x40/0x90 [ 85.525040][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.528294][ T5331] RIP: 0033:0x7f2d09b9c819 [ 85.530574][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.539201][ T5331] RSP: 002b:00007f2d0aa89fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.543799][ T5331] RAX: ffffffffffffffda RBX: 00007f2d09e16090 RCX: 00007f2d09b9c819 [ 85.547518][ T5331] RDX: 00002000000001c0 RSI: 00000000c01864cb RDI: 0000000000000006 [ 85.551070][ T5331] RBP: 00007f2d09c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 85.554716][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.558867][ T5331] R13: 00007f2d09e16128 R14: 00007f2d09e16090 R15: 00007ffe8b113dc8 [ 85.562765][ T5331] [ 85.564617][ T5331] Kernel Offset: disabled [ 85.566577][ T5331] Rebooting in 86400 seconds..