program:
# Fuzzer-generated syscall sequence in syzkaller program syntax, recorded
# together with the kernel console log that follows it.
# The log reports a WARNING at mm/page_alloc.c:5124 in
# __alloc_frozen_pages_noprof. The call trace reaches it from
# drm_syncobj_timeline_signal_ioctl via drm_syncobj_array_find and
# __kmalloc_noprof. The log then shows "panic_on_warn set", so the warning
# ends in a kernel panic on this test machine.
# NOTE(review): r3, r5, r9 and r12 are used below without a visible
# assignment. The output-resource markers were presumably lost when the page
# was extracted, so confirm against the original report before replaying.
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
# fd argument is 0xffffffffffffffff here; this call is not in the warning's call trace.
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x40010003, 0x6, 0x17, 0x19, "9e959f16b6787b08aa26e66c4056a51695284854c382ec6bcfeef4fb0efcc1d8a6078ed98e203fd5f0643902dd8f6fac274de9d940bba5e51e92bbd4ce85450d", "f625c1076e4c36c800def96015e0fb7e904d865c2fdc458ec58d347f41be5a08", [0x4, 0x7]})
# r2 is the DRM device fd used by the three syncobj ioctls below.
r2 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000000)={0x0})
# This call matches the faulting syscall in the log: the user-space register
# dump shows RSI = 0x00000000c01864cd (this request number) and
# ORIG_RAX = 0x10.
# The third struct field, 0x40000361, is presumably the handle count, while
# the handle array supplies only two entries. TODO confirm against the ioctl's
# argument struct.
# RBX = 0x15 at the warning is consistent with a page order of 21, i.e. an
# allocation sized from that count rather than from the array. Verify
# against mm/page_alloc.c:5124 for this kernel build.
# Defensive reading: on this path a caller-supplied count appears to reach a
# kmalloc-family allocation with no upper bound. The remedy belongs in the
# kernel: bound the count, or allocate in a way that fails quietly for
# oversized requests. Hosts running with panic_on_warn turn the warning into
# an outage.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r3, r3], &(0x7f0000000140)=[0x80], 0x40000361})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r2, 0xc02064cc, &(0x7f0000000400)={r3, r3, 0xa, 0x6, 0x2})
# The remaining calls (KVM, sockets, ROSE routes, xfrm netlink, overlay mount)
# do not appear in the warning's call trace. Whether any of them is needed to
# reproduce the warning cannot be told from this page.
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000))
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r8, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @bcast, @bpq0, 0x5, [@bcast, @bcast, @null, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
ioctl$sock_rose_SIOCADDRT(r7, 0x890b, &(0x7f0000000440)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @null, @bpq0, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x4, 0xffffffffffffffff})
syz_kvm_setup_syzos_vm$x86(r9, &(0x7f0000bfe000/0x400000)=nil)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="c40000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a00"], 0xc4}}, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
r11 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'ip6_vti0\x00', 0x0})
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000002c0)={{0x3, 0x3, 0x2, 0x1, 0x6}})
sendmsg$nl_xfrm(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e00000010000000000000000000000004e200000000000000a00000000000000", @ANYRES32=r12, @ANYRES32=0x0, @ANYBLOB="0800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f63be2d000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000"], 0xb8}}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
# End of the program; kernel console output follows and is left as recorded.
[ 76.642328][ T5336] Bluetooth: hci0: command tx timeout [ 76.646999][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.649905][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.708604][ T5357] ------------[ cut here ]------------ [ 76.710645][ T5357] WARNING: CPU: 0 PID: 5357 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.716254][ T5357] Modules linked in: [ 76.718004][ T5357] CPU: 0 UID: 0 PID: 5357 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 
76.721797][ T5357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.727103][ T5357] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.730863][ T5357] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 e9 0c 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 76.741061][ T5357] RSP: 0018:ffffc9000f497940 EFLAGS: 00010246 [ 76.744432][ T5357] RAX: ffffc9000f497900 RBX: 0000000000000015 RCX: 0000000000000000 [ 76.748004][ T5357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f4979a8 [ 76.752654][ T5357] RBP: ffffc9000f497a40 R08: ffffc9000f4979a7 R09: 0000000000000000 [ 76.756584][ T5357] R10: ffffc9000f497980 R11: fffff52001e92f35 R12: 0000000000000000 [ 76.760138][ T5357] R13: 1ffff92001e92f2c R14: 0000000000040cc0 R15: dffffc0000000000 [ 76.764331][ T5357] FS: 00007ff1f541e6c0(0000) GS:ffff88808d00a000(0000) knlGS:0000000000000000 [ 76.768610][ T5357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.771569][ T5357] CR2: 00007ff1f47a8558 CR3: 000000003e886000 CR4: 0000000000352ef0 [ 76.775407][ T5357] Call Trace: [ 76.777057][ T5357] [ 76.778445][ T5357] ? kasan_save_track+0x3e/0x80 [ 76.780850][ T5357] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 76.783920][ T5357] ? security_file_ioctl+0xcb/0x2d0 [ 76.786645][ T5357] ? policy_nodemask+0x27c/0x720 [ 76.789362][ T5357] alloc_pages_mpol+0x232/0x4a0 [ 76.792281][ T5357] ___kmalloc_large_node+0x5f/0x1b0 [ 76.795196][ T5357] __kmalloc_large_node_noprof+0x18/0x90 [ 76.798834][ T5357] __kmalloc_noprof+0x36f/0x4f0 [ 76.802393][ T5357] ? drm_syncobj_array_find+0x3a/0x450 [ 76.804786][ T5357] drm_syncobj_array_find+0x3a/0x450 [ 76.806625][ T5357] drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0 [ 76.809655][ T5357] ? drm_dev_exit+0x3a/0x60 [ 76.811857][ T5357] drm_ioctl_kernel+0x2cf/0x390 [ 76.814293][ T5357] ? 
__pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 76.817848][ T5357] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 76.821042][ T5357] drm_ioctl+0x67f/0xb10 [ 76.823552][ T5357] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 76.826940][ T5357] ? __pfx_drm_ioctl+0x10/0x10 [ 76.829159][ T5357] ? __fget_files+0x2a/0x420 [ 76.831452][ T5357] ? bpf_lsm_file_ioctl+0x9/0x20 [ 76.833930][ T5357] ? __pfx_drm_ioctl+0x10/0x10 [ 76.836046][ T5357] __se_sys_ioctl+0xf9/0x170 [ 76.838189][ T5357] do_syscall_64+0xfa/0x3b0 [ 76.840282][ T5357] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.842905][ T5357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.846160][ T5357] ? clear_bhb_loop+0x60/0xb0 [ 76.848851][ T5357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.851872][ T5357] RIP: 0033:0x7ff1f458eba9 [ 76.854012][ T5357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.862661][ T5357] RSP: 002b:00007ff1f541e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.866363][ T5357] RAX: ffffffffffffffda RBX: 00007ff1f47d5fa0 RCX: 00007ff1f458eba9 [ 76.869972][ T5357] RDX: 0000200000000180 RSI: 00000000c01864cd RDI: 0000000000000005 [ 76.874123][ T5357] RBP: 00007ff1f4611e19 R08: 0000000000000000 R09: 0000000000000000 [ 76.877927][ T5357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.881373][ T5357] R13: 00007ff1f47d6038 R14: 00007ff1f47d5fa0 R15: 00007ffd345f3988 [ 76.884719][ T5357] [ 76.886138][ T5357] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.889273][ T5357] CPU: 0 UID: 0 PID: 5357 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.893157][ T5357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.898858][ T5357] Call Trace: [ 76.900590][ T5357] [ 76.901955][ T5357] dump_stack_lvl+0x99/0x250 [ 76.903881][ T5357] ? 
__asan_memcpy+0x40/0x70 [ 76.905821][ T5357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.907894][ T5357] ? __pfx__printk+0x10/0x10 [ 76.909865][ T5357] vpanic+0x281/0x750 [ 76.911673][ T5357] ? __pfx__printk+0x10/0x10 [ 76.914168][ T5357] ? __pfx_vpanic+0x10/0x10 [ 76.916639][ T5357] ? is_bpf_text_address+0x26/0x2b0 [ 76.919493][ T5357] panic+0xb9/0xc0 [ 76.921375][ T5357] ? __pfx_panic+0x10/0x10 [ 76.923633][ T5357] __warn+0x31b/0x4b0 [ 76.925560][ T5357] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.928493][ T5357] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.931415][ T5357] report_bug+0x2be/0x4f0 [ 76.933671][ T5357] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.936439][ T5357] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.939021][ T5357] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 76.941570][ T5357] handle_bug+0x84/0x160 [ 76.943659][ T5357] exc_invalid_op+0x1a/0x50 [ 76.945919][ T5357] asm_exc_invalid_op+0x1a/0x20 [ 76.948485][ T5357] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 76.951663][ T5357] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 e9 0c 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 76.960127][ T5357] RSP: 0018:ffffc9000f497940 EFLAGS: 00010246 [ 76.962885][ T5357] RAX: ffffc9000f497900 RBX: 0000000000000015 RCX: 0000000000000000 [ 76.966305][ T5357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f4979a8 [ 76.969607][ T5357] RBP: ffffc9000f497a40 R08: ffffc9000f4979a7 R09: 0000000000000000 [ 76.973730][ T5357] R10: ffffc9000f497980 R11: fffff52001e92f35 R12: 0000000000000000 [ 76.977533][ T5357] R13: 1ffff92001e92f2c R14: 0000000000040cc0 R15: dffffc0000000000 [ 76.981232][ T5357] ? kasan_save_track+0x3e/0x80 [ 76.983300][ T5357] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 76.985761][ T5357] ? security_file_ioctl+0xcb/0x2d0 [ 76.988048][ T5357] ? 
policy_nodemask+0x27c/0x720 [ 76.990291][ T5357] alloc_pages_mpol+0x232/0x4a0 [ 76.992766][ T5357] ___kmalloc_large_node+0x5f/0x1b0 [ 76.995684][ T5357] __kmalloc_large_node_noprof+0x18/0x90 [ 76.998543][ T5357] __kmalloc_noprof+0x36f/0x4f0 [ 77.000717][ T5357] ? drm_syncobj_array_find+0x3a/0x450 [ 77.003168][ T5357] drm_syncobj_array_find+0x3a/0x450 [ 77.005567][ T5357] drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0 [ 77.008532][ T5357] ? drm_dev_exit+0x3a/0x60 [ 77.010818][ T5357] drm_ioctl_kernel+0x2cf/0x390 [ 77.013206][ T5357] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 77.016425][ T5357] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 77.018551][ T5357] drm_ioctl+0x67f/0xb10 [ 77.020087][ T5357] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 77.022970][ T5357] ? __pfx_drm_ioctl+0x10/0x10 [ 77.025181][ T5357] ? __fget_files+0x2a/0x420 [ 77.027291][ T5357] ? bpf_lsm_file_ioctl+0x9/0x20 [ 77.029575][ T5357] ? __pfx_drm_ioctl+0x10/0x10 [ 77.032205][ T5357] __se_sys_ioctl+0xf9/0x170 [ 77.034477][ T5357] do_syscall_64+0xfa/0x3b0 [ 77.037137][ T5357] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.039538][ T5357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.042340][ T5357] ? 
clear_bhb_loop+0x60/0xb0 [ 77.044548][ T5357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.047418][ T5357] RIP: 0033:0x7ff1f458eba9 [ 77.049773][ T5357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.059522][ T5357] RSP: 002b:00007ff1f541e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 77.062985][ T5357] RAX: ffffffffffffffda RBX: 00007ff1f47d5fa0 RCX: 00007ff1f458eba9 [ 77.066027][ T5357] RDX: 0000200000000180 RSI: 00000000c01864cd RDI: 0000000000000005 [ 77.069269][ T5357] RBP: 00007ff1f4611e19 R08: 0000000000000000 R09: 0000000000000000 [ 77.072472][ T5357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.075939][ T5357] R13: 00007ff1f47d6038 R14: 00007ff1f47d5fa0 R15: 00007ffd345f3988 [ 77.079577][ T5357] [ 77.081502][ T5357] Kernel Offset: disabled [ 77.083777][ T5357] Rebooting in 86400 seconds..