program:
# Triage notes (review): syzkaller program from a crash report, followed by the
# guest's console log. The calls were collapsed onto one line in this copy and
# are split one per line below; the call text itself is unchanged.
# The WARNING in the log fires under drm_syncobj_query_ioctl ->
# drm_syncobj_array_find -> __kmalloc_noprof -> __alloc_frozen_pages_noprof,
# so the DRM_IOCTL_SYNCOBJ_QUERY call is the one to look at. None of the SMC,
# tun, netlink, packet or ipset calls appear in that call trace.
# NOTE(review): r3, r5, r10 and r13 are used but never assigned in this text;
# presumably the output-resource markers were lost when the page was rendered.
# Confirm against the original report before using this as a regression test.

# DRM render node: open plus a FREE_BUFS ioctl (not in the crash trace).
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x101, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[0x6, 0x4]})

# SMC socket setup (not in the crash trace).
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r1, 0x1)
ioctl$sock_TIOCOUTQ(r1, 0x5411, 0x0)

# First DRM device fd: syncobj create, transfer and timeline signal.
r2 = syz_open_dev$dri(&(0x7f0000000200), 0x2, 0x408a85)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r2, 0xc02064cc, &(0x7f00000001c0)={r3, r3, 0x1, 0x5, 0x2}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000300)={&(0x7f0000000140)=[r3, r3], &(0x7f0000000280)=[0x0, 0x7fff], 0x2})

# Second DRM device fd: syncobj create, then the query that matches the crash.
r4 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f0000000140)={0x0})
# Crashing call per the log: the faulting task's saved RSI is 0xc01864cb (this
# request code) and the kernel trace runs through drm_syncobj_query_ioctl.
# The third struct field, 0x400000fe, looks like the handle count
# (count_handles - TODO confirm against the uapi struct); only two handles are
# actually supplied in the array. A count that large taken from userspace would
# explain the large-kmalloc path into the page allocator WARNING. With
# panic_on_warn set (see log) the warning becomes a panic, i.e. a local denial
# of service for anything allowed to open the DRM node.
# What to verify in the tree under test: that the ioctl path bounds the
# user-supplied count, or allocates in a way that fails quietly, before
# drm_syncobj_array_find sizes its arrays from it.
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r4, 0xc01864cb, &(0x7f0000000180)={&(0x7f0000000080)=[r5, r5], &(0x7f0000000100), 0x400000fe, 0x1}) (async, rerun: 32)

# Remaining calls: netfilter/tun/route/packet/ipset activity. They do not show
# up in the crash trace and are likely fuzzer noise for this report (hedged:
# not proven irrelevant without minimising the program).
r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 32)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0)
# r8 is closed here and still passed to SIOCSIFHWADDR two calls later.
close(r8)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) (async)
r11 = socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r12 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x8, 0x70b923, 0x25dfdbfe, {0x0, 0x0, 0x0, r13, {}, {0x6, 0xb}, {0xf, 0xb}}}, 0x4e}, 0x1, 0x0, 0x0, 0x8001}, 0x20040040)
sendto$packet(r11, &(0x7f00000001c0)="fad33075218151db00316f3a277fedbc86dd46fe766f486d7cea18d5be2cf4380cc23be564201f35", 0x28, 0x880, &(0x7f0000000080)={0x11, 0x88a8, r10, 0x1, 0xda, 0x6, @random="580ad7f07318"}, 0x14) (async)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB="5000000002060108000034e4000000000000000805000400000000000900020073797a3100000000050005000200000016000300686173683a6e65742c706f72742c6e65740000000500010007"], 0x50}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
# End of program. Kernel console log from the run follows (not program text).
[ 75.346604][ T4650] Bluetooth: hci0: command tx timeout [ 75.418836][ T5317] ------------[ cut here ]------------ [ 75.421274][ T5317] 1 [ 75.421286][ T5317] WARNING: mm/page_alloc.c:5280 at __alloc_frozen_pages_noprof+0x2ce/0x380, CPU#0: syz.0.0/5317 [ 75.427670][ T5317] Modules linked in: [ 75.430019][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.434294][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.438498][ T5317] RIP: 0010:__alloc_frozen_pages_noprof+0x2ce/0x380 [ 75.441486][ T5317] Code: 74 10 4c 89 e7 89 54 24 0c e8 ee 28 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 ab fe ff ff e9 ac fe ff ff c6 05 b4 77 f5 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.451064][ T5317] RSP: 0018:ffffc90005987880 EFLAGS: 00010246 [ 75.453941][ T5317] RAX: ffffc90005987800 RBX: 0000000000000015 RCX: 0000000000000000 [ 75.457387][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900059878e8 [ 75.460870][ T5317] RBP: ffffc90005987970 R08: ffffc900059878e7 R09: 0000000000000000 
[ 75.464676][ T5317] R10: ffffc900059878c0 R11: fffff52000b30f1d R12: 0000000000000000 [ 75.468292][ T5317] R13: 1ffff92000b30f14 R14: 0000000000040cc0 R15: dffffc0000000000 [ 75.471939][ T5317] FS: 00007ff717a156c0(0000) GS:ffff88808c821000(0000) knlGS:0000000000000000 [ 75.475966][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.479459][ T5317] CR2: 00007ff7179d2fe8 CR3: 0000000012adb000 CR4: 0000000000352ef0 [ 75.483602][ T5317] Call Trace: [ 75.485082][ T5317] [ 75.486369][ T5317] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.488949][ T5317] ? __pfx_policy_nodemask+0x10/0x10 [ 75.491326][ T5317] ? kasan_save_track+0x4f/0x80 [ 75.493900][ T5317] ? kasan_save_track+0x3e/0x80 [ 75.496451][ T5317] ? kasan_save_free_info+0x40/0x50 [ 75.499293][ T5317] ? __kasan_slab_free+0x5c/0x80 [ 75.501704][ T5317] alloc_pages_mpol+0x212/0x380 [ 75.503938][ T5317] ___kmalloc_large_node+0x4c/0x120 [ 75.506142][ T5317] ? drm_syncobj_array_find+0x3a/0x440 [ 75.508487][ T5317] __kmalloc_large_node_noprof+0x18/0x90 [ 75.511259][ T5317] ? drm_syncobj_array_find+0x3a/0x440 [ 75.514267][ T5317] __kmalloc_noprof+0x405/0x720 [ 75.516874][ T5317] ? drm_syncobj_array_find+0x3a/0x440 [ 75.519317][ T5317] drm_syncobj_array_find+0x3a/0x440 [ 75.521799][ T5317] drm_syncobj_query_ioctl+0x1c3/0xae0 [ 75.524078][ T5317] ? rcu_is_watching+0x15/0xb0 [ 75.526218][ T5317] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.529205][ T5317] ? lock_release+0x4b/0x3c0 [ 75.531880][ T5317] drm_ioctl_kernel+0x2df/0x3b0 [ 75.534133][ T5317] ? lock_acquire+0x5f/0x350 [ 75.536141][ T5317] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.538741][ T5317] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 75.541262][ T5317] ? __might_fault+0xcb/0x130 [ 75.543692][ T5317] drm_ioctl+0x70e/0xba0 [ 75.546123][ T5317] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.549399][ T5317] ? __pfx_drm_ioctl+0x10/0x10 [ 75.551549][ T5317] ? __fget_files+0x2a/0x420 [ 75.553753][ T5317] ? 
bpf_lsm_file_ioctl+0x9/0x20 [ 75.556068][ T5317] ? __pfx_drm_ioctl+0x10/0x10 [ 75.558180][ T5317] __se_sys_ioctl+0xfc/0x170 [ 75.560286][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.563035][ T5317] do_syscall_64+0x174/0x580 [ 75.565371][ T5317] ? trace_irq_disable+0x3b/0x140 [ 75.567930][ T5317] ? clear_bhb_loop+0x40/0x90 [ 75.570127][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.572690][ T5317] RIP: 0033:0x7ff716b9ce59 [ 75.574678][ T5317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.583414][ T5317] RSP: 002b:00007ff717a14fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.586246][ T5317] RAX: ffffffffffffffda RBX: 00007ff716e15fa0 RCX: 00007ff716b9ce59 [ 75.588834][ T5317] RDX: 0000200000000180 RSI: 00000000c01864cb RDI: 0000000000000005 [ 75.591859][ T5317] RBP: 00007ff716c32e6f R08: 0000000000000000 R09: 0000000000000000 [ 75.595443][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.599433][ T5317] R13: 00007ff716e16038 R14: 00007ff716e15fa0 R15: 00007ffec1c36178 [ 75.602816][ T5317] [ 75.604041][ T5317] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.606830][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.610022][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.613721][ T5317] Call Trace: [ 75.615155][ T5317] [ 75.616398][ T5317] vpanic+0x56c/0xa60 [ 75.618208][ T5317] ? __pfx__printk+0x10/0x10 [ 75.620111][ T5317] ? __pfx_vpanic+0x10/0x10 [ 75.621995][ T5317] ? is_bpf_text_address+0x292/0x2b0 [ 75.624187][ T5317] ? is_bpf_text_address+0x26/0x2b0 [ 75.626309][ T5317] panic+0xc5/0xd0 [ 75.628062][ T5317] ? __pfx_panic+0x10/0x10 [ 75.630472][ T5317] __warn+0x315/0x4c0 [ 75.632490][ T5317] ? 
__alloc_frozen_pages_noprof+0x2ce/0x380 [ 75.635012][ T5317] ? __alloc_frozen_pages_noprof+0x2ce/0x380 [ 75.637217][ T5317] __report_bug+0x331/0x530 [ 75.638886][ T5317] ? __alloc_frozen_pages_noprof+0x2ce/0x380 [ 75.641186][ T5317] ? __pfx___report_bug+0x10/0x10 [ 75.643322][ T5317] ? is_bpf_text_address+0x26/0x2b0 [ 75.645602][ T5317] ? rcu_is_watching+0x15/0xb0 [ 75.647980][ T5317] ? rcu_is_watching+0x15/0xb0 [ 75.650242][ T5317] ? lock_release+0x4b/0x3c0 [ 75.652231][ T5317] ? lock_release+0x4b/0x3c0 [ 75.654139][ T5317] ? __alloc_frozen_pages_noprof+0x2ce/0x380 [ 75.656499][ T5317] report_bug+0x16a/0x220 [ 75.658404][ T5317] ? __alloc_frozen_pages_noprof+0x2ce/0x380 [ 75.661121][ T5317] ? __alloc_frozen_pages_noprof+0x2d0/0x380 [ 75.664233][ T5317] handle_bug+0x9c/0x200 [ 75.666568][ T5317] exc_invalid_op+0x1a/0x50 [ 75.668529][ T5317] asm_exc_invalid_op+0x1a/0x20 [ 75.670700][ T5317] RIP: 0010:__alloc_frozen_pages_noprof+0x2ce/0x380 [ 75.673353][ T5317] Code: 74 10 4c 89 e7 89 54 24 0c e8 ee 28 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 ab fe ff ff e9 ac fe ff ff c6 05 b4 77 f5 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.682044][ T5317] RSP: 0018:ffffc90005987880 EFLAGS: 00010246 [ 75.685457][ T5317] RAX: ffffc90005987800 RBX: 0000000000000015 RCX: 0000000000000000 [ 75.689094][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900059878e8 [ 75.692445][ T5317] RBP: ffffc90005987970 R08: ffffc900059878e7 R09: 0000000000000000 [ 75.695790][ T5317] R10: ffffc900059878c0 R11: fffff52000b30f1d R12: 0000000000000000 [ 75.699079][ T5317] R13: 1ffff92000b30f14 R14: 0000000000040cc0 R15: dffffc0000000000 [ 75.702230][ T5317] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.704808][ T5317] ? __pfx_policy_nodemask+0x10/0x10 [ 75.707194][ T5317] ? kasan_save_track+0x4f/0x80 [ 75.709804][ T5317] ? kasan_save_track+0x3e/0x80 [ 75.712553][ T5317] ? kasan_save_free_info+0x40/0x50 [ 75.714886][ T5317] ? 
__kasan_slab_free+0x5c/0x80 [ 75.716971][ T5317] alloc_pages_mpol+0x212/0x380 [ 75.719122][ T5317] ___kmalloc_large_node+0x4c/0x120 [ 75.721368][ T5317] ? drm_syncobj_array_find+0x3a/0x440 [ 75.723683][ T5317] __kmalloc_large_node_noprof+0x18/0x90 [ 75.725975][ T5317] ? drm_syncobj_array_find+0x3a/0x440 [ 75.728216][ T5317] __kmalloc_noprof+0x405/0x720 [ 75.730388][ T5317] ? drm_syncobj_array_find+0x3a/0x440 [ 75.732961][ T5317] drm_syncobj_array_find+0x3a/0x440 [ 75.735544][ T5317] drm_syncobj_query_ioctl+0x1c3/0xae0 [ 75.737954][ T5317] ? rcu_is_watching+0x15/0xb0 [ 75.740094][ T5317] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.742817][ T5317] ? lock_release+0x4b/0x3c0 [ 75.744694][ T5317] drm_ioctl_kernel+0x2df/0x3b0 [ 75.746679][ T5317] ? lock_acquire+0x5f/0x350 [ 75.748741][ T5317] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.751646][ T5317] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 75.754330][ T5317] ? __might_fault+0xcb/0x130 [ 75.756405][ T5317] drm_ioctl+0x70e/0xba0 [ 75.758156][ T5317] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.760657][ T5317] ? __pfx_drm_ioctl+0x10/0x10 [ 75.762580][ T5317] ? __fget_files+0x2a/0x420 [ 75.764458][ T5317] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.766500][ T5317] ? __pfx_drm_ioctl+0x10/0x10 [ 75.768562][ T5317] __se_sys_ioctl+0xfc/0x170 [ 75.770916][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.774254][ T5317] do_syscall_64+0x174/0x580 [ 75.776467][ T5317] ? trace_irq_disable+0x3b/0x140 [ 75.778652][ T5317] ? 
clear_bhb_loop+0x40/0x90 [ 75.780645][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.783171][ T5317] RIP: 0033:0x7ff716b9ce59 [ 75.785096][ T5317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.794756][ T5317] RSP: 002b:00007ff717a14fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.798262][ T5317] RAX: ffffffffffffffda RBX: 00007ff716e15fa0 RCX: 00007ff716b9ce59 [ 75.801291][ T5317] RDX: 0000200000000180 RSI: 00000000c01864cb RDI: 0000000000000005 [ 75.804445][ T5317] RBP: 00007ff716c32e6f R08: 0000000000000000 R09: 0000000000000000 [ 75.807851][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.811804][ T5317] R13: 00007ff716e16038 R14: 00007ff716e15fa0 R15: 00007ffec1c36178 [ 75.815333][ T5317] [ 75.817048][ T5317] Kernel Offset: disabled [ 75.818933][ T5317] Rebooting in 86400 seconds..