program:
# Reproducer in syzkaller program text, calls listed in execution order.
# Only the DRM sync-object ioctls are on the path shown in the kernel log that
# follows (drm_syncobj_timeline_signal_ioctl -> drm_syncobj_array_find ->
# __kmalloc_noprof). The vhci, x25, ipset, bpf and flow-label calls do not
# appear in that call trace.
# NOTE(review): r2, r10, r12 and r13 are used but never assigned in this text.
# Presumably the out-handle annotations on the SYNCOBJ_CREATE arguments were
# lost when the page was rendered; confirm against the original report before
# replaying or minimising.

# Timer armed with {0x0, 0x989680} for both fields (0x989680 = 10,000,000) and
# targeted at this thread's tid. Not part of the logged crash path.
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

# r1 is the DRM device fd that the final TIMELINE_SIGNAL ioctl is issued on.
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{0x45, 0x5}, {0x3, 0xc9, 0xc8, 0x5e}}}, 0x8)

# Sync object created on r1, then used as r2 for transfer and destroy.
# r2 therefore presumably names an already-destroyed handle when reused later (TODO confirm).
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r1, 0xc02064cc, &(0x7f00000001c0)={r2, r2, 0x1, 0x0, 0x2})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r1, 0xc00864c0, &(0x7f0000000140)={r2})

# Netfilter/ipset, x25, UDP-Lite and BPF activity. None of these functions show
# up in the WARNING call trace, so they look like fuzzer noise for this crash.
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r4, &(0x7f0000000100)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x12)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
# This socket is the source of the "UDPLite6: UDP-Lite is deprecated" console
# line in the log, which is informational only.
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x2, 0x1, 0x1, 0x5, 0x25, 0x3}, 0x20)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b70300001b0000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b9af8ff00000000b5090500000000007baaf0ff00000000bda804000000000007080000f8ffffffbfa000000000000007000000f0ffffffb70200000800000018220000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7050000080000006200000076000000bf91000000000000b608000000d60e008500000085000000b70000000000000095000000000000008d56a19bead37e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

# More sync objects, on r1 and on a second DRM fd (r11). Presumably these
# produce the r10, r12 and r13 handles used below (TODO confirm).
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000400)={0x0, 0x1})
r11 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r11, 0xc00864bf, &(0x7f0000000140)={0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r11, 0xc01864cb, &(0x7f0000000180)={&(0x7f0000000080)=[r12], 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000440)={0x0, 0x1})

# Call that matches the crash context. The user-space register dump in the log
# shows ORIG_RAX 0x10 (ioctl) with RSI 0xc01864cd, the request code used here.
# The WARNING at mm/page_alloc.c:4935 fires beneath
# drm_syncobj_array_find -> __kmalloc_noprof -> __kmalloc_large_node_noprof.
# The handle array literal has 10 entries, while the last struct field is
# 0x3fffffffffffffac.
# NOTE(review): presumably that field is the handle count and sizes the
# allocation in drm_syncobj_array_find(); confirm against the uapi struct and
# the kernel source. If so, the remedy is kernel-side: bound the count before
# allocating, or let the oversized request fail quietly (e.g. __GFP_NOWARN)
# so it returns an error to the caller instead of tripping the WARN.
# Impact as logged: the WARN escalates to "Kernel panic" only because
# panic_on_warn is set on this test kernel.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000580)={&(0x7f0000000500)=[r10, r2, r2, r12, r2, r13, r2, r2, r2, r2], &(0x7f0000000540)=[0x1, 0x0], 0x3fffffffffffffac})

# The log timestamps suggest the warning had already fired in PID 5339 by this
# point; whether these calls ran is not visible from the page.
r14 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_buf(r14, 0x29, 0xcb, 0x0, 0x4b)
sendmsg$NFT_MSG_GETCHAIN(r5, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="6c000000040a010100000000000000000100000008000540fffffffc08000540fffffffc0a000000726f75746500000030000480140003006873723000ff0f0000000000000000000800024005e223d60800024021e36b4008000140000000030c00024000000000f82f37b9"], 0x6c}, 0x1, 0x0, 0x0, 0x890}, 0x2004c851) [ 85.167117][ T4678] Bluetooth: hci0: command tx timeout [ 85.334350][ T5333] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.481404][ T5339] ------------[ cut here ]------------ [ 85.483819][ T5339] WARNING: CPU: 0 PID: 5339 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.488648][ T5339] Modules linked in: [ 85.490674][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 85.495774][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.500839][ T5339] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.503751][ T5339] Code: 74 10 4c 89 e7 89 54 24 0c e8 74 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 2a 37 74 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.512382][ T5339] RSP: 0018:ffffc9000d5479a0 EFLAGS: 00010246 [ 85.515442][ T5339] RAX: ffffc9000d547900 RBX: 0000000000000016 RCX: 0000000000000000 [ 85.519058][ T5339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d547a08 [ 85.522710][ T5339] RBP: ffffc9000d547a88 R08: ffffc9000d547a07 R09: 0000000000000000 [ 85.526473][ T5339] R10: ffffc9000d5479e0 R11: fffff52001aa8f41 R12: 0000000000000000 [ 85.530435][ T5339] R13: 1ffff92001aa8f38 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.535725][ T5339] FS: 00007f281f7e86c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 85.540856][ T5339] CS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033 [ 85.543657][ T5339] CR2: 0000000000000000 CR3: 0000000042a2a000 CR4: 0000000000352ef0 [ 85.547055][ T5339] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 85.552122][ T5339] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 85.555806][ T5339] Call Trace: [ 85.557427][ T5339] [ 85.558777][ T5339] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.561764][ T5339] __alloc_pages_noprof+0xa/0x30 [ 85.563985][ T5339] ___kmalloc_large_node+0x85/0x210 [ 85.566311][ T5339] __kmalloc_large_node_noprof+0x18/0x90 [ 85.568785][ T5339] __kmalloc_noprof+0x36f/0x4f0 [ 85.571085][ T5339] ? drm_syncobj_array_find+0x3a/0x450 [ 85.573746][ T5339] drm_syncobj_array_find+0x3a/0x450 [ 85.576313][ T5339] drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0 [ 85.579184][ T5339] ? drm_dev_exit+0x3a/0x60 [ 85.581381][ T5339] drm_ioctl_kernel+0x2cc/0x390 [ 85.583679][ T5339] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 85.586803][ T5339] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.590044][ T5339] drm_ioctl+0x67f/0xb10 [ 85.592188][ T5339] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 85.595289][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 85.597410][ T5339] ? __fget_files+0x2a/0x420 [ 85.599524][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.601793][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 85.603887][ T5339] __se_sys_ioctl+0xfc/0x170 [ 85.606063][ T5339] do_syscall_64+0xfa/0x3b0 [ 85.608122][ T5339] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.610546][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.613246][ T5339] ? 
clear_bhb_loop+0x60/0xb0 [ 85.615408][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.618062][ T5339] RIP: 0033:0x7f281e98e929 [ 85.620153][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.628678][ T5339] RSP: 002b:00007f281f7e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.633000][ T5339] RAX: ffffffffffffffda RBX: 00007f281ebb6160 RCX: 00007f281e98e929 [ 85.636584][ T5339] RDX: 0000200000000580 RSI: 00000000c01864cd RDI: 0000000000000003 [ 85.640578][ T5339] RBP: 00007f281ea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.644044][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.647765][ T5339] R13: 0000000000000000 R14: 00007f281ebb6160 R15: 00007ffdf58c7bc8 [ 85.651930][ T5339] [ 85.653568][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.657586][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) [ 85.663577][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.668385][ T5339] Call Trace: [ 85.669797][ T5339] [ 85.671053][ T5339] dump_stack_lvl+0x99/0x250 [ 85.673036][ T5339] ? __asan_memcpy+0x40/0x70 [ 85.675055][ T5339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.677229][ T5339] ? __pfx__printk+0x10/0x10 [ 85.679208][ T5339] panic+0x2db/0x790 [ 85.680947][ T5339] ? __pfx_panic+0x10/0x10 [ 85.682845][ T5339] ? show_trace_log_lvl+0x4fb/0x550 [ 85.685060][ T5339] __warn+0x31b/0x4b0 [ 85.686848][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.689690][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.692336][ T5339] report_bug+0x2be/0x4f0 [ 85.694355][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.697845][ T5339] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.701008][ T5339] ? 
__alloc_frozen_pages_noprof+0x2ca/0x370 [ 85.703993][ T5339] handle_bug+0x84/0x160 [ 85.706022][ T5339] exc_invalid_op+0x1a/0x50 [ 85.708231][ T5339] asm_exc_invalid_op+0x1a/0x20 [ 85.710571][ T5339] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.714039][ T5339] Code: 74 10 4c 89 e7 89 54 24 0c e8 74 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 2a 37 74 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.722103][ T5339] RSP: 0018:ffffc9000d5479a0 EFLAGS: 00010246 [ 85.724696][ T5339] RAX: ffffc9000d547900 RBX: 0000000000000016 RCX: 0000000000000000 [ 85.728148][ T5339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d547a08 [ 85.731436][ T5339] RBP: ffffc9000d547a88 R08: ffffc9000d547a07 R09: 0000000000000000 [ 85.734608][ T5339] R10: ffffc9000d5479e0 R11: fffff52001aa8f41 R12: 0000000000000000 [ 85.738069][ T5339] R13: 1ffff92001aa8f38 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.742032][ T5339] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.745680][ T5339] __alloc_pages_noprof+0xa/0x30 [ 85.748365][ T5339] ___kmalloc_large_node+0x85/0x210 [ 85.751099][ T5339] __kmalloc_large_node_noprof+0x18/0x90 [ 85.753765][ T5339] __kmalloc_noprof+0x36f/0x4f0 [ 85.756008][ T5339] ? drm_syncobj_array_find+0x3a/0x450 [ 85.758499][ T5339] drm_syncobj_array_find+0x3a/0x450 [ 85.760820][ T5339] drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0 [ 85.763730][ T5339] ? drm_dev_exit+0x3a/0x60 [ 85.766199][ T5339] drm_ioctl_kernel+0x2cc/0x390 [ 85.768398][ T5339] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 85.771566][ T5339] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.773971][ T5339] drm_ioctl+0x67f/0xb10 [ 85.775933][ T5339] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 85.779649][ T5339] ? __pfx_drm_ioctl+0x10/0x10 [ 85.782062][ T5339] ? __fget_files+0x2a/0x420 [ 85.784105][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.786262][ T5339] ? 
__pfx_drm_ioctl+0x10/0x10 [ 85.788609][ T5339] __se_sys_ioctl+0xfc/0x170 [ 85.790964][ T5339] do_syscall_64+0xfa/0x3b0 [ 85.793161][ T5339] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.795878][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.798603][ T5339] ? clear_bhb_loop+0x60/0xb0 [ 85.800815][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.803538][ T5339] RIP: 0033:0x7f281e98e929 [ 85.805630][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.814161][ T5339] RSP: 002b:00007f281f7e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.817897][ T5339] RAX: ffffffffffffffda RBX: 00007f281ebb6160 RCX: 00007f281e98e929 [ 85.821263][ T5339] RDX: 0000200000000580 RSI: 00000000c01864cd RDI: 0000000000000003 [ 85.824889][ T5339] RBP: 00007f281ea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.828771][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.832394][ T5339] R13: 0000000000000000 R14: 00007f281ebb6160 R15: 00007ffdf58c7bc8 [ 85.835931][ T5339] [ 85.837831][ T5339] Kernel Offset: disabled [ 85.839782][ T5339] Rebooting in 86400 seconds..