# syzkaller reproducer, followed by the guest console log of the run.
# Calls marked "(async)" are issued without waiting for completion, so they can overlap
# with the calls that follow; "rerun: N" presumably repeats the call N more times (confirm
# against the syzkaller docs).
# The call that matters for the crash is ioctl$DRM_IOCTL_SYNCOBJ_QUERY: the Call Trace in the
# log shows the WARNING raised under drm_syncobj_query_ioctl -> drm_syncobj_array_find ->
# __kmalloc_noprof -> ___kmalloc_large_node -> __alloc_pages_noprof.
# The other calls (netfilter, iptables, tun, fs ioctls) do not appear in that trace.
program:
# Netlink socket for the netfilter subsystem (AF_NETLINK / SOCK_RAW / NETLINK_NETFILTER).
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
# BPF program detach with target fd 0xffffffffffffffff (-1).
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup, 0xffffffffffffffff, 0x6, 0x0, 0x0, @void, @value}, 0x10) (async)
# nf_tables batch: new table 'syz0', new chain 'syz2' in it, and a new rule carrying a connlimit expression.
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}], {0x14}}, 0xc0}}, 0x0) (async)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
# Replaces the iptables 'filter' table with entries using REJECT targets; the log line
# "ipt_REJECT: TCP_RESET invalid for non-tcp" presumably comes from this call.
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000003c0)=@filter={'filter\x00', 0x42, 0x4, 0x2a8, 0xffffffff, 0x0, 0x98, 0x0, 0xffffffff, 0xffffffff, 0x210, 0x210, 0x210, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@ip={@private, @multicast1, 0x0, 0x0, 'ip6gre0\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@private, @remote, 0x0, 0x0, 'ip6erspan0\x00', 'wlan1\x00'}, 0x0, 0xb0, 0xe0, 0x0, {}, [@common=@set={{0x40}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
# Filesystem ioctl issued on the netlink socket r0.
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0xd4529ba1430395c9) (async)
# Opens the tun device and binds it to interface name 'syzkaller1'.
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
# Called with domain 0x2 and type 0xa; matches the log line "uses obsolete (PF_INET,SOCK_PACKET)".
r3 = socket$kcm(0x2, 0xa, 0x2) (async)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000100))
# Opens a DRM device; r4 is the fd used by both sync-object ioctls below.
r4 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
# Creates a sync object. r5 is used by the next call but never assigned in this text;
# presumably the result marker on this call's output field was lost in extraction and r5
# is the handle created here — confirm against the original reproducer.
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f0000000140)={0x0})
# Crash site. The argument struct lives at 0x7f0000000180 and, as written here, carries a
# two-entry handle array [r5, r5] followed by the values 0x2 and 0x1.
# NOTE(review): the next call stores its own argument at the same address 0x7f0000000180 and
# this call is async, so the struct the kernel actually copied may differ from the one shown.
# NOTE(review): the trace shows a large-node kmalloc reached from drm_syncobj_array_find —
# presumably sized from a user-supplied handle count with no upper bound; confirm in the
# kernel source. The usual remedies are to bound the count or to make the allocation fail quietly.
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r4, 0xc01864cb, &(0x7f0000000180)={&(0x7f0000000080)=[r5, r5], &(0x7f0000000100), 0x2, 0x1}) (async)
# Interface request for 'syzkaller1'; its argument overlaps the SYNCOBJ_QUERY struct above.
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async, rerun: 64)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f00000001c0)) (async, rerun: 64)
# Writes a raw hex blob into the tun device r2.
write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0000110000000000000060ec970000302c00fe8000000000000000000000000000aaff0200000000000000000000000000013a000000000000008902907800000000fc00000000060000000000000000000000000000000000000000ffffe0000001"], 0xfdef)
# Guest console output starts here. A WARNING at mm/page_alloc.c:4935 is followed by
# "Kernel panic - not syncing: kernel: panic_on_warn set", i.e. the panic is a consequence
# of the panic_on_warn setting on this test kernel.
[ 75.654249][ T5304] Bluetooth: hci0: command tx timeout [ 75.683680][ T5324] ipt_REJECT: TCP_RESET invalid for non-tcp [ 75.721172][ T5324] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET) [ 75.740189][ T5324] ------------[ cut here ]------------ [ 75.742277][ T5324] WARNING: CPU: 0 PID: 5324 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.746549][ T5324] Modules linked in: [ 75.748274][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 75.753154][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.757934][ T5324] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.761317][ T5324] Code: 74 10 4c 89 e7 89 54 24 0c e8 74 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 92 3f 74 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.769894][ T5324] RSP: 0018:ffffc9000f65f900 EFLAGS: 00010246 [ 75.772568][ T5324] RAX: ffffc9000f65f900 RBX: 000000000000000e RCX: 0000000000000000 [ 75.776112][ T5324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f65f968 [ 75.779771][ T5324] RBP: ffffc9000f65f9f0 R08: ffffc9000f65f967 R09: 0000000000000000 [ 75.783227][ T5324] R10: ffffc9000f65f940 R11: fffff52001ecbf2d R12: 0000000000000000 [ 75.786766][ T5324] R13: 1ffff92001ecbf24 R14: 0000000000040cc0 R15: dffffc0000000000 [ 75.790024][ T5324] FS: 00007f996af656c0(0000) GS:ffff88808d251000(0000) 
knlGS:0000000000000000 [ 75.793410][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.796199][ T5324] CR2: 00007f996a385538 CR3: 0000000011765000 CR4: 0000000000352ef0 [ 75.799505][ T5324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.802889][ T5324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.806320][ T5324] Call Trace: [ 75.807780][ T5324] [ 75.809090][ T5324] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.811893][ T5324] ? kfree+0x18e/0x440 [ 75.813760][ T5324] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 75.816314][ T5324] ? security_file_ioctl+0xcb/0x2d0 [ 75.818700][ T5324] ? __se_sys_ioctl+0x47/0x170 [ 75.820786][ T5324] ? do_syscall_64+0xfa/0x3b0 [ 75.823256][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.826452][ T5324] __alloc_pages_noprof+0xa/0x30 [ 75.828704][ T5324] ___kmalloc_large_node+0x85/0x210 [ 75.830613][ T5324] __kmalloc_large_node_noprof+0x18/0x90 [ 75.832685][ T5324] __kmalloc_noprof+0x36f/0x4f0 [ 75.834560][ T5324] ? drm_syncobj_array_find+0x3a/0x450 [ 75.836851][ T5324] drm_syncobj_array_find+0x3a/0x450 [ 75.839196][ T5324] drm_syncobj_query_ioctl+0x1c3/0x9d0 [ 75.841381][ T5324] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.843907][ T5324] drm_ioctl_kernel+0x2cf/0x390 [ 75.845980][ T5324] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.848569][ T5324] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 75.850877][ T5324] drm_ioctl+0x67f/0xb10 [ 75.852754][ T5324] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 75.855473][ T5324] ? __pfx_drm_ioctl+0x10/0x10 [ 75.857501][ T5324] ? __fget_files+0x2a/0x420 [ 75.859450][ T5324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.861902][ T5324] ? __pfx_drm_ioctl+0x10/0x10 [ 75.863938][ T5324] __se_sys_ioctl+0xfc/0x170 [ 75.866590][ T5324] do_syscall_64+0xfa/0x3b0 [ 75.868884][ T5324] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.871074][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.873702][ T5324] ? 
clear_bhb_loop+0x60/0xb0 [ 75.876132][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.879112][ T5324] RIP: 0033:0x7f996a18e929 [ 75.881391][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.891547][ T5324] RSP: 002b:00007f996af65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.895302][ T5324] RAX: ffffffffffffffda RBX: 00007f996a3b5fa0 RCX: 00007f996a18e929 [ 75.898753][ T5324] RDX: 0000200000000180 RSI: 00000000c01864cb RDI: 0000000000000007 [ 75.902610][ T5324] RBP: 00007f996a210b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.906213][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.909888][ T5324] R13: 0000000000000000 R14: 00007f996a3b5fa0 R15: 00007ffdb661cfd8 [ 75.913314][ T5324] [ 75.914902][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.918199][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 75.923126][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.927690][ T5324] Call Trace: [ 75.929127][ T5324] [ 75.930479][ T5324] dump_stack_lvl+0x99/0x250 [ 75.932533][ T5324] ? __asan_memcpy+0x40/0x70 [ 75.934533][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.936786][ T5324] ? __pfx__printk+0x10/0x10 [ 75.938800][ T5324] panic+0x2db/0x790 [ 75.940391][ T5324] ? __pfx_panic+0x10/0x10 [ 75.942349][ T5324] ? show_trace_log_lvl+0x4fb/0x550 [ 75.944517][ T5324] __warn+0x31b/0x4b0 [ 75.946312][ T5324] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.948987][ T5324] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.951552][ T5324] report_bug+0x2be/0x4f0 [ 75.953424][ T5324] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.956018][ T5324] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.958479][ T5324] ? 
__alloc_frozen_pages_noprof+0x2ca/0x370 [ 75.960950][ T5324] handle_bug+0x84/0x160 [ 75.962798][ T5324] exc_invalid_op+0x1a/0x50 [ 75.964887][ T5324] asm_exc_invalid_op+0x1a/0x20 [ 75.966962][ T5324] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.970013][ T5324] Code: 74 10 4c 89 e7 89 54 24 0c e8 74 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 92 3f 74 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.977487][ T5324] RSP: 0018:ffffc9000f65f900 EFLAGS: 00010246 [ 75.979844][ T5324] RAX: ffffc9000f65f900 RBX: 000000000000000e RCX: 0000000000000000 [ 75.982954][ T5324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f65f968 [ 75.986056][ T5324] RBP: ffffc9000f65f9f0 R08: ffffc9000f65f967 R09: 0000000000000000 [ 75.989184][ T5324] R10: ffffc9000f65f940 R11: fffff52001ecbf2d R12: 0000000000000000 [ 75.992341][ T5324] R13: 1ffff92001ecbf24 R14: 0000000000040cc0 R15: dffffc0000000000 [ 75.995424][ T5324] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.998059][ T5324] ? kfree+0x18e/0x440 [ 75.999832][ T5324] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 76.002305][ T5324] ? security_file_ioctl+0xcb/0x2d0 [ 76.004426][ T5324] ? __se_sys_ioctl+0x47/0x170 [ 76.006436][ T5324] ? do_syscall_64+0xfa/0x3b0 [ 76.008437][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.010951][ T5324] __alloc_pages_noprof+0xa/0x30 [ 76.012991][ T5324] ___kmalloc_large_node+0x85/0x210 [ 76.015064][ T5324] __kmalloc_large_node_noprof+0x18/0x90 [ 76.017248][ T5324] __kmalloc_noprof+0x36f/0x4f0 [ 76.019208][ T5324] ? drm_syncobj_array_find+0x3a/0x450 [ 76.021464][ T5324] drm_syncobj_array_find+0x3a/0x450 [ 76.023387][ T5324] drm_syncobj_query_ioctl+0x1c3/0x9d0 [ 76.025691][ T5324] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.028503][ T5324] drm_ioctl_kernel+0x2cf/0x390 [ 76.030634][ T5324] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.033305][ T5324] ? 
__pfx_drm_ioctl_kernel+0x10/0x10 [ 76.035621][ T5324] drm_ioctl+0x67f/0xb10 [ 76.037399][ T5324] ? __pfx_drm_syncobj_query_ioctl+0x10/0x10 [ 76.040052][ T5324] ? __pfx_drm_ioctl+0x10/0x10 [ 76.042107][ T5324] ? __fget_files+0x2a/0x420 [ 76.044105][ T5324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 76.046245][ T5324] ? __pfx_drm_ioctl+0x10/0x10 [ 76.048416][ T5324] __se_sys_ioctl+0xfc/0x170 [ 76.050394][ T5324] do_syscall_64+0xfa/0x3b0 [ 76.052352][ T5324] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.054554][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.057089][ T5324] ? clear_bhb_loop+0x60/0xb0 [ 76.058891][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.061379][ T5324] RIP: 0033:0x7f996a18e929 [ 76.063286][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.071518][ T5324] RSP: 002b:00007f996af65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.075265][ T5324] RAX: ffffffffffffffda RBX: 00007f996a3b5fa0 RCX: 00007f996a18e929 [ 76.078724][ T5324] RDX: 0000200000000180 RSI: 00000000c01864cb RDI: 0000000000000007 [ 76.082155][ T5324] RBP: 00007f996a210b39 R08: 0000000000000000 R09: 0000000000000000 [ 76.085400][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.088552][ T5324] R13: 0000000000000000 R14: 00007f996a3b5fa0 R15: 00007ffdb661cfd8 [ 76.091696][ T5324] [ 76.093180][ T5324] Kernel Offset: disabled [ 76.094924][ T5324] Rebooting in 86400 seconds..