program:
# Syzkaller reproducer program from a crash report, shown one call per line.
# The kernel console log starts after the last call (final line of this block)
# and continues on the following lines of the page.
#
# "(async)" marks a call the executor issues without waiting for it to finish,
# so it can overlap with the calls that follow it.
#
# r0, r2, r3 and r5-r9 are referenced below but no assignment to them is visible.
# NOTE(review): syzkaller normally binds such values with inline result markers
# inside output arguments; they may have been stripped when this page was
# extracted. Confirm against the original report.
#
# Triage summary, taken from the log that follows:
#   - Primary event: WARNING at mm/page_alloc.c:5186 in __alloc_frozen_pages_noprof.
#   - Kernel path: __se_sys_ioctl -> drm_ioctl -> drm_ioctl_kernel ->
#     drm_syncobj_signal_ioctl -> drm_syncobj_array_find -> __kmalloc_noprof ->
#     __kmalloc_large_node_noprof -> alloc_pages_mpol.
#   - The panic itself is reported as "panic_on_warn set", so the warning is
#     escalated by configuration rather than being a separate fault.
#   - NOTE(review): a warning on this path usually means a caller-supplied element
#     count sized the kmalloc. If so, the fix belongs at the allocation site (bound
#     the count, or use an allocation that fails without warning). Confirm against
#     the drm_syncobj_array_find source, which is not shown here.

# POSIX timer setup. The clock id 0xfffffffffffffffc is -4 when read as signed.
timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)=0x0) (async)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r0, 0x1, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) (async)

# Opens the procfs entry 'setgroups' and closes it at once. r1 is reused by the
# TIMELINE_SIGNAL ioctl further down, after this close.
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='setgroups\x00')
close(r1)

# Two calls on fd 0xffffffffffffffff (-1), which is not an open descriptor.
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={0x0}) (async)

# r4 is the DRI device descriptor that the CREATE, TRANSFER and SIGNAL ioctls below use.
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x82300)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f00000000c0)={0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r4, 0xc02064cc, &(0x7f00000001c0)={r5, r5, 0x0, 0x80000001, 0x2}) (async)

# Request 0xc01064c5 equals RSI in the user-mode register dump of the faulting
# syscall (ORIG_RAX 0x10), and the trace names drm_syncobj_signal_ioctl, so this
# is the call the warning is attributed to. The argument as written holds a
# two-element handle array and a count of 0x2.
# NOTE(review): the argument address 0x7f0000000140 is also used by the
# 'setgroups' string above and by an async FD_TO_HANDLE_SYNC_FILE call below.
# The count the kernel actually read cannot be determined from this page.
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r4, 0xc01064c5, &(0x7f0000000140)={&(0x7f0000000040)=[r5, r5], 0x2}) (async)

# More calls on fd -1. The two *_SYNC_FILE variants carry the same request
# number (0xc01064c2) as the *_FD variant.
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={0x0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={0x0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={0x0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000180)={0x0})

# Issued on r1, which was closed above. The handle array lists seven entries
# (count 0x7) while the points array lists four.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000240)={&(0x7f00000001c0)=[r2, r3, r5, r6, r7, r8, r9], &(0x7f0000000200)=[0x1, 0x1, 0x6, 0x4], 0x7, 0x1}) (async)
unshare(0x64000600)
[ 75.698794][ T5317] Bluetooth: hci0: command tx timeout [ 75.765645][ T5339] ------------[ cut here ]------------ [ 75.768152][ T5339] WARNING: mm/page_alloc.c:5186 at __alloc_frozen_pages_noprof+0x2c8/0x370, CPU#0: syz.0.0/5339 [ 75.772830][ T5339] Modules linked in: [ 75.774597][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.778541][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.783441][ T5339] RIP: 
0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.786397][ T5339] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 f3 57 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.795009][ T5339] RSP: 0018:ffffc9000e6ff960 EFLAGS: 00010246 [ 75.797777][ T5339] RAX: ffffc9000e6ff900 RBX: 0000000000000016 RCX: 0000000000000000 [ 75.801429][ T5339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e6ff9c8 [ 75.804959][ T5339] RBP: ffffc9000e6ffa60 R08: ffffc9000e6ff9c7 R09: 0000000000000000 [ 75.808330][ T5339] R10: ffffc9000e6ff9a0 R11: fffff52001cdff39 R12: 0000000000000000 [ 75.811980][ T5339] R13: 1ffff92001cdff30 R14: 0000000000040cc0 R15: dffffc0000000000 [ 75.815280][ T5339] FS: 00007f32e36b26c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 75.818958][ T5339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.821706][ T5339] CR2: 00007f32e3690fc8 CR3: 0000000011471000 CR4: 0000000000352ef0 [ 75.825289][ T5339] Call Trace: [ 75.826762][ T5339] [ 75.828054][ T5339] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 75.830568][ T5339] ? __se_sys_ioctl+0x47/0x170 [ 75.833018][ T5339] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.836684][ T5339] ? policy_nodemask+0x27c/0x720 [ 75.838843][ T5339] ? __lock_acquire+0x6b6/0x2cf0 [ 75.841050][ T5339] alloc_pages_mpol+0x232/0x4a0 [ 75.843175][ T5339] ___kmalloc_large_node+0x4e/0x150 [ 75.845402][ T5339] __kmalloc_large_node_noprof+0x18/0x90 [ 75.847747][ T5339] __kmalloc_noprof+0x4c9/0x800 [ 75.849975][ T5339] ? drm_dev_enter+0x49/0x150 [ 75.851973][ T5339] ? drm_syncobj_array_find+0x3a/0x450 [ 75.854240][ T5339] drm_syncobj_array_find+0x3a/0x450 [ 75.856489][ T5339] drm_syncobj_signal_ioctl+0x168/0x340 [ 75.858880][ T5339] drm_ioctl_kernel+0x2cf/0x390 [ 75.861075][ T5339] ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10 [ 75.863686][ T5339] ? 
__pfx_drm_ioctl_kernel+0x10/0x10 [ 75.866117][ T5339] drm_ioctl+0x67f/0xb10 [ 75.867958][ T5339] ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10 [ 75.870719][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 75.872811][ T5339] ? __fget_files+0x2a/0x420 [ 75.875009][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.877080][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 75.879084][ T5339] __se_sys_ioctl+0xfc/0x170 [ 75.881159][ T5339] do_syscall_64+0xec/0xf80 [ 75.883039][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.885670][ T5339] ? trace_irq_disable+0x37/0x100 [ 75.888053][ T5339] ? clear_bhb_loop+0x60/0xb0 [ 75.890707][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.893729][ T5339] RIP: 0033:0x7f32e278f7c9 [ 75.895788][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.905564][ T5339] RSP: 002b:00007f32e36b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.909594][ T5339] RAX: ffffffffffffffda RBX: 00007f32e29e6090 RCX: 00007f32e278f7c9 [ 75.912790][ T5339] RDX: 0000200000000140 RSI: 00000000c01064c5 RDI: 0000000000000003 [ 75.916386][ T5339] RBP: 00007f32e2813f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.919831][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.923074][ T5339] R13: 00007f32e29e6128 R14: 00007f32e29e6090 R15: 00007ffe351fcf68 [ 75.926338][ T5339] [ 75.927681][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.930688][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.934322][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.938612][ T5339] Call Trace: [ 75.940095][ T5339] [ 75.941283][ T5339] vpanic+0x1e0/0x670 [ 75.942934][ T5339] panic+0xb9/0xc0 [ 75.944588][ T5339] ? 
__pfx_panic+0x10/0x10 [ 75.946537][ T5339] __warn+0x317/0x4b0 [ 75.948281][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.950842][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.953359][ T5339] __report_bug+0x288/0x500 [ 75.955320][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.957950][ T5339] ? __pfx___report_bug+0x10/0x10 [ 75.959959][ T5339] ? is_bpf_text_address+0x292/0x2b0 [ 75.961955][ T5339] ? is_bpf_text_address+0x26/0x2b0 [ 75.964168][ T5339] ? kernel_text_address+0xa5/0xe0 [ 75.966299][ T5339] ? __kernel_text_address+0xd/0x40 [ 75.968538][ T5339] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 75.971175][ T5339] ? arch_stack_walk+0xfc/0x150 [ 75.973079][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.975335][ T5339] report_bug+0x16a/0x220 [ 75.976981][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.979551][ T5339] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 75.982278][ T5339] handle_bug+0x98/0x200 [ 75.984561][ T5339] exc_invalid_op+0x1a/0x50 [ 75.986360][ T5339] asm_exc_invalid_op+0x1a/0x20 [ 75.988443][ T5339] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.991313][ T5339] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 f3 57 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.998823][ T5339] RSP: 0018:ffffc9000e6ff960 EFLAGS: 00010246 [ 76.001301][ T5339] RAX: ffffc9000e6ff900 RBX: 0000000000000016 RCX: 0000000000000000 [ 76.004523][ T5339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e6ff9c8 [ 76.007606][ T5339] RBP: ffffc9000e6ffa60 R08: ffffc9000e6ff9c7 R09: 0000000000000000 [ 76.010820][ T5339] R10: ffffc9000e6ff9a0 R11: fffff52001cdff39 R12: 0000000000000000 [ 76.013948][ T5339] R13: 1ffff92001cdff30 R14: 0000000000040cc0 R15: dffffc0000000000 [ 76.017236][ T5339] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 76.019554][ T5339] ? __se_sys_ioctl+0x47/0x170 [ 76.021497][ T5339] ? 
__pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 76.024133][ T5339] ? policy_nodemask+0x27c/0x720 [ 76.026179][ T5339] ? __lock_acquire+0x6b6/0x2cf0 [ 76.028092][ T5339] alloc_pages_mpol+0x232/0x4a0 [ 76.030127][ T5339] ___kmalloc_large_node+0x4e/0x150 [ 76.032258][ T5339] __kmalloc_large_node_noprof+0x18/0x90 [ 76.034434][ T5339] __kmalloc_noprof+0x4c9/0x800 [ 76.036562][ T5339] ? drm_dev_enter+0x49/0x150 [ 76.038581][ T5339] ? drm_syncobj_array_find+0x3a/0x450 [ 76.040842][ T5339] drm_syncobj_array_find+0x3a/0x450 [ 76.043146][ T5339] drm_syncobj_signal_ioctl+0x168/0x340 [ 76.045645][ T5339] drm_ioctl_kernel+0x2cf/0x390 [ 76.047840][ T5339] ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10 [ 76.050494][ T5339] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 76.052905][ T5339] drm_ioctl+0x67f/0xb10 [ 76.054646][ T5339] ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10 [ 76.057113][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 76.059210][ T5339] ? __fget_files+0x2a/0x420 [ 76.061233][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 76.063481][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 76.065667][ T5339] __se_sys_ioctl+0xfc/0x170 [ 76.067675][ T5339] do_syscall_64+0xec/0xf80 [ 76.069511][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.071944][ T5339] ? trace_irq_disable+0x37/0x100 [ 76.074185][ T5339] ? 
clear_bhb_loop+0x60/0xb0 [ 76.076278][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.078892][ T5339] RIP: 0033:0x7f32e278f7c9 [ 76.080937][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.088658][ T5339] RSP: 002b:00007f32e36b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.092044][ T5339] RAX: ffffffffffffffda RBX: 00007f32e29e6090 RCX: 00007f32e278f7c9 [ 76.095305][ T5339] RDX: 0000200000000140 RSI: 00000000c01064c5 RDI: 0000000000000003 [ 76.098584][ T5339] RBP: 00007f32e2813f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.101930][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.105236][ T5339] R13: 00007f32e29e6128 R14: 00007f32e29e6090 R15: 00007ffe351fcf68 [ 76.108537][ T5339] [ 76.110175][ T5339] Kernel Offset: disabled [ 76.111915][ T5339] Rebooting in 86400 seconds..