program: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$F2FS_IOC_SEC_TRIM_FILE(r0, 0x4018f514, &(0x7f0000000280)={0x2653, 0x401, 0x1}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000001d00070f020000000004000007000000", @ANYRES32=r2, @ANYBLOB="0000da00"], 0x1c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSNLIST(r4, 0x8010640b, &(0x7f0000000000)={0x6666666666667db, &(0x7f0000000440)=[{0xe000003, 0x0, 0x0, 0x7, 0x1}, {0xe000003, 0x0, 0x0, 0x8, 0xffff}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r6, 0x0, r8, 0x0, 0xf3a, 0x4) vmsplice(r7, &(0x7f0000000540)=[{&(0x7f00000003c0)="39eaefe09e8b62105f8b49d7c97982fbf989c5ffdb7cccc607ebb9eca5", 0x1d}], 0x1, 0x7) write$binfmt_script(r8, &(0x7f00000002c0)={'#! ', './file0/file0', [{0x20, '#K*\x97\x1e\xadsQ\xda\xb8\x1aX\xf0V\x13\x9b\x99\x14m\\\xcf\x1d\xe0}2)x\x04{\xa656-S5/S\x05\xfa\x99A\xc0\xa7^\r\xe3\x03\xa5\tp\xfb\xf0i\xd6\xb9\x8ck \"\xa4\xb6<\"\xf8\xe8\xc4\xe6\x1d-\x00\x00\x00@\x00\x00\x00\x00\x00\x00\xca\xd4c\xd2{\x90\xc9--G~.\x98\x00)\xbe\x98\xe8+\x92H\t@\xbf\xe2\xb1hp{q\xc1\xc4\xa8\xc4Y\xe5\xae\xb6\xb2\xa2a\x18\xa2\xe8\xc5\x05\x10f\x95\xc5\x17&\xb3\xd0GT\"\xc3\"Y\x90\xd5\f*5\'\xaa\xee\xe03Mk\xcc\xb7\x00'/168}], 0xa, "4716aec444a01bb772cb2124bb7e5ab062fe9145e15af7952b172e428a1b9b88e52a02a8719af1442de74cc6721048d27bbf6d54defdba75f815000000000000000000"}, 0xfd) write(r5, 0x0, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0) r9 = socket(0x1e, 0x3, 0x1007) r10 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') writev(r10, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8) write$binfmt_elf64(r10, &(0x7f0000000f80)=ANY=[@ANYBLOB="7f454c46fbc100050400000000000000020006000700000034030000000000004000000000000000ea02000000000000080000000c0038000300ffffffff920005000000df920000040000000000000090171f1500000000feffffffffffffff0b0000000000000025000000000000000900000000000000000000600600000000000000000000000120000000000000060000000000000001040000000000000200000000000000040000000000000001000000ffffffff0100010000000000de000000000000000600000000000000070000000000000081000000000000000000000000000000a648bc87ed41a6303e8678f9207a8c3e60ccd36492ae720a91ee928f4c3a5d4082b1936501408eaae1d85bde046569dcb39e33d5af372d49ec7e769fa0174433d925a31fb162dbe7312d616f7ae425074ec8c0cd842c75241593b9fb319f4f58c8752a466f8febb4db08a40f000000000000987610add4d0433269f5dc3bca647c0300dbfb14bb085f53813f6b5b39b987476f3c3385406a88023a71fbb819221da3b1c60fde9c408aba596d5888ee9a3fcdfb6b29f94501569b223e34d1dcb65006cd8200c5d83db84e52967b0af0885b79293bcf9a272dc7b4676e1d6b9b530a32bc4645073f3d5969f3e623a8ac620dab473d4bc480c66459ea8b17fb9b54a3ee7649cd3e7c796f4018affc0a051c856fd84600"/2556], 0x9fc) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x16, 0x4, &(0x7f0000000400)=ANY=[@ANYRES8=r4, @ANYRESOCT=r10, @ANYRES32, @ANYRES8=r0], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0xb}, 0x94) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) dup3(r7, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r11, 0x0) [ 74.720396][ T5316] Bluetooth: hci0: command tx timeout [ 74.809215][ T5337] ------------[ cut here ]------------ [ 74.812276][ T5337] WARNING: CPU: 0 PID: 5337 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 74.816615][ T5337] Modules linked in: [ 74.818997][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) [ 74.824794][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.829640][ T5337] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 74.833007][ T5337] Code: 74 10 4c 89 e7 89 54 24 0c e8 34 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ab 3a 75 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 74.841436][ T5337] RSP: 0018:ffffc9000d4af960 EFLAGS: 00010246 [ 74.844461][ T5337] RAX: ffffc9000d4af900 RBX: 0000000000000019 RCX: 0000000000000000 [ 74.847944][ T5337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d4af9c8 [ 74.851830][ T5337] RBP: ffffc9000d4afa50 R08: ffffc9000d4af9c7 R09: 0000000000000000 [ 74.855088][ T5337] R10: ffffc9000d4af9a0 R11: fffff52001a95f39 R12: 0000000000000000 [ 74.859191][ T5337] R13: 1ffff92001a95f30 R14: 0000000000040dc0 R15: dffffc0000000000 [ 74.863670][ T5337] FS: 00007efc583d46c0(0000) GS:ffff88808d21a000(0000) knlGS:0000000000000000 [ 74.867189][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.869928][ T5337] CR2: 00007efc583d3fc8 CR3: 00000000442db000 CR4: 0000000000352ef0 [ 74.873215][ T5337] Call Trace: [ 74.874535][ T5337] [ 74.875649][ T5337] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 74.878246][ T5337] __alloc_pages_noprof+0xa/0x30 [ 74.880163][ T5337] ___kmalloc_large_node+0x85/0x210 [ 74.882286][ T5337] __kmalloc_large_node_noprof+0x18/0x90 [ 74.884635][ T5337] __kmalloc_noprof+0x36f/0x4f0 [ 74.886811][ T5337] ? comedi_unlocked_ioctl+0x9ee/0xf40 [ 74.889193][ T5337] comedi_unlocked_ioctl+0x9ee/0xf40 [ 74.891558][ T5337] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 74.893888][ T5337] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 74.896007][ T5337] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 74.898298][ T5337] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 74.900927][ T5337] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 74.903337][ T5337] ? __lock_acquire+0xab9/0xd20 [ 74.905224][ T5337] ? __fget_files+0x2a/0x420 [ 74.906886][ T5337] ? __fget_files+0x2a/0x420 [ 74.908548][ T5337] ? __fget_files+0x3a0/0x420 [ 74.910244][ T5337] ? __fget_files+0x2a/0x420 [ 74.912230][ T5337] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.914258][ T5337] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 74.916517][ T5337] __se_sys_ioctl+0xf9/0x170 [ 74.918418][ T5337] do_syscall_64+0xfa/0x3b0 [ 74.920596][ T5337] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.922696][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.925292][ T5337] ? clear_bhb_loop+0x60/0xb0 [ 74.927310][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.929869][ T5337] RIP: 0033:0x7efc5bf8e9a9 [ 74.931748][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.939553][ T5337] RSP: 002b:00007efc583d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.943031][ T5337] RAX: ffffffffffffffda RBX: 00007efc5c1b6080 RCX: 00007efc5bf8e9a9 [ 74.946702][ T5337] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000005 [ 74.949627][ T5337] RBP: 00007efc5c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 74.953162][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.956673][ T5337] R13: 0000000000000000 R14: 00007efc5c1b6080 R15: 00007ffff7e51b68 [ 74.960879][ T5337] [ 74.962425][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.965681][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00205-gd786aba32000 #0 PREEMPT(full) [ 74.970718][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.975198][ T5337] Call Trace: [ 74.976738][ T5337] [ 74.978047][ T5337] dump_stack_lvl+0x99/0x250 [ 74.980107][ T5337] ? __asan_memcpy+0x40/0x70 [ 74.982302][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.984705][ T5337] ? __pfx__printk+0x10/0x10 [ 74.986817][ T5337] panic+0x2db/0x790 [ 74.988583][ T5337] ? __pfx_panic+0x10/0x10 [ 74.990559][ T5337] ? show_trace_log_lvl+0x4fb/0x550 [ 74.992840][ T5337] __warn+0x31b/0x4b0 [ 74.994560][ T5337] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 74.997125][ T5337] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 74.999737][ T5337] report_bug+0x2be/0x4f0 [ 75.001624][ T5337] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.004193][ T5337] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.006779][ T5337] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 75.009413][ T5337] handle_bug+0x84/0x160 [ 75.011329][ T5337] exc_invalid_op+0x1a/0x50 [ 75.013363][ T5337] asm_exc_invalid_op+0x1a/0x20 [ 75.015596][ T5337] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 75.018499][ T5337] Code: 74 10 4c 89 e7 89 54 24 0c e8 34 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ab 3a 75 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.026874][ T5337] RSP: 0018:ffffc9000d4af960 EFLAGS: 00010246 [ 75.029561][ T5337] RAX: ffffc9000d4af900 RBX: 0000000000000019 RCX: 0000000000000000 [ 75.033040][ T5337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d4af9c8 [ 75.036486][ T5337] RBP: ffffc9000d4afa50 R08: ffffc9000d4af9c7 R09: 0000000000000000 [ 75.039873][ T5337] R10: ffffc9000d4af9a0 R11: fffff52001a95f39 R12: 0000000000000000 [ 75.043264][ T5337] R13: 1ffff92001a95f30 R14: 0000000000040dc0 R15: dffffc0000000000 [ 75.046674][ T5337] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.049485][ T5337] __alloc_pages_noprof+0xa/0x30 [ 75.051654][ T5337] ___kmalloc_large_node+0x85/0x210 [ 75.053984][ T5337] __kmalloc_large_node_noprof+0x18/0x90 [ 75.056465][ T5337] __kmalloc_noprof+0x36f/0x4f0 [ 75.058626][ T5337] ? comedi_unlocked_ioctl+0x9ee/0xf40 [ 75.061033][ T5337] comedi_unlocked_ioctl+0x9ee/0xf40 [ 75.063517][ T5337] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 75.066228][ T5337] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.068772][ T5337] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 75.071242][ T5337] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.073713][ T5337] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 75.076395][ T5337] ? __lock_acquire+0xab9/0xd20 [ 75.078509][ T5337] ? __fget_files+0x2a/0x420 [ 75.080536][ T5337] ? __fget_files+0x2a/0x420 [ 75.082553][ T5337] ? __fget_files+0x3a0/0x420 [ 75.084607][ T5337] ? __fget_files+0x2a/0x420 [ 75.086658][ T5337] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.088824][ T5337] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 75.091388][ T5337] __se_sys_ioctl+0xf9/0x170 [ 75.093469][ T5337] do_syscall_64+0xfa/0x3b0 [ 75.095428][ T5337] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.097646][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.100484][ T5337] ? clear_bhb_loop+0x60/0xb0 [ 75.102507][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.105153][ T5337] RIP: 0033:0x7efc5bf8e9a9 [ 75.107117][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.115381][ T5337] RSP: 002b:00007efc583d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.119063][ T5337] RAX: ffffffffffffffda RBX: 00007efc5c1b6080 RCX: 00007efc5bf8e9a9 [ 75.122367][ T5337] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000005 [ 75.125636][ T5337] RBP: 00007efc5c010d69 R08: 0000000000000000 R09: 0000000000000000 [ 75.129470][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.133080][ T5337] R13: 0000000000000000 R14: 00007efc5c1b6080 R15: 00007ffff7e51b68 [ 75.136605][ T5337] [ 75.138344][ T5337] Kernel Offset: disabled [ 75.140276][ T5337] Rebooting in 86400 seconds..