# Reproducer program recorded with the crash report; the kernel log follows the program text.
# The log shows "WARNING ... at mm/page_alloc.c:4727 __alloc_pages_noprof", reached through
# drm_syncobj_timeline_signal_ioctl -> drm_syncobj_array_find -> __kmalloc_noprof ->
# __kmalloc_large_node_noprof, followed by "Kernel panic - not syncing: kernel: panic_on_warn set".
# The panic is therefore the warning promoted by panic_on_warn, not a separate memory-safety report.
#
# Faulting call: the user-mode register dump has ORIG_RAX=0x10 and RSI=0xc01864cd, which is the
# request number passed to ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL below, and the trace passes
# through __se_sys_ioctl.
#
# NOTE(review): the argument written for that ioctl is {[r1], 0x0, 0x1}; the last field is
# presumably the handle count. A count of 1 would not normally take the large-kmalloc path,
# so confirm how drm_syncobj_array_find sizes its allocation.
# NOTE(review): &(0x7f0000000180) is also the argument buffer of bpf$PROG_LOAD and of
# setsockopt$inet6_tcp_int(..., 0x1e, ...) in this program, and several calls are marked (async).
# The struct the kernel copied in may therefore differ from the values shown here - confirm.
# NOTE(review): r1 is used but no visible call assigns it (the SYNCOBJ_CREATE output annotation
# looks lost), so treat this text as possibly incomplete.
# NOTE(review): the usual remedy for a user-reachable allocator warning is to bound the
# user-supplied element count or make the allocation fail quietly; verify against the upstream fix.
program: r0 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000000)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r1], 0x0, 0x1}) (async) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r0, 0xc01064c1, &(0x7f0000000240)={r1}) ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000300)={0x7ff, 0x18, '\x00', 0x0, &(0x7f00000002c0)=[0x0, 0x0, 0x0]}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2649baca85309be96d5a45bbbdb5ff7ffffffd075b3eee14473f51be98db7efbb059842badcfc81364470e8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c11071adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eb47efb7b3f19046c6f1bd1bf56e5853ed96137f95b3a11954ed1c8a8676468cf2405e48723d4b1ff"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x18) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r5}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) (async) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) (async) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async) setsockopt$sock_timeval(r6, 0x1, 0x43, &(0x7f0000000040)={0x0, 0xea60}, 0x10) setsockopt$inet6_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) (async) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) (async) connect$inet6(r6, &(0x7f0000000240)={0xa, 
0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) (async) writev(r7, &(0x7f0000000580)=[{&(0x7f0000000280)="5717c757b31b64", 0x7}], 0x1) (async) openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000480)='./binderfs/binder-control\x00', 0x2, 0x0) r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r9, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) [ 76.243948][ T5300] Bluetooth: hci0: command tx timeout [ 76.319641][ T5314] ------------[ cut here ]------------ [ 76.321627][ T5314] WARNING: CPU: 0 PID: 5314 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x3c5/0x710 [ 76.325301][ T5314] Modules linked in: [ 76.326847][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 76.330907][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.334611][ T5314] RIP: 0010:__alloc_pages_noprof+0x3c5/0x710 [ 76.336976][ T5314] Code: ff df 0f 85 09 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cd 41 89 cd e9 f9 00 00 00 c6 05 e8 bc 0b 0e 01 90 <0f> 0b 90 41 83 fc 0a 0f 86 13 fd ff ff 45 31 e4 48 c7 44 24 20 0e [ 76.344318][ T5314] RSP: 0018:ffffc9000d10f900 EFLAGS: 00010246 [ 76.346707][ T5314] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 76.350071][ T5314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d10f988 [ 76.353041][ T5314] RBP: ffffc9000d10fa18 R08: ffffc9000d10f987 R09: 0000000000000000 [ 76.355923][ T5314] R10: ffffc9000d10f960 R11: fffff52001a21f31 R12: 0000000000000014 [ 76.359048][ T5314] R13: 0000000000040cc0 R14: 1ffff92001a21f28 R15: 1ffff92001a21f24 [ 76.362075][ T5314] FS: 00007fd20638d6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 76.365431][ T5314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.367902][ T5314] CR2: 000055556e2367c8 CR3: 000000001ab62000 CR4: 0000000000352ef0 [ 
76.372979][ T5314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.376012][ T5314] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.379151][ T5314] Call Trace: [ 76.380383][ T5314] [ 76.381509][ T5314] ? __warn+0x165/0x4d0 [ 76.383065][ T5314] ? __alloc_pages_noprof+0x3c5/0x710 [ 76.384986][ T5314] ? report_bug+0x2b3/0x500 [ 76.386804][ T5314] ? __alloc_pages_noprof+0x3c5/0x710 [ 76.388968][ T5314] ? handle_bug+0x60/0x90 [ 76.390640][ T5314] ? exc_invalid_op+0x1a/0x50 [ 76.392387][ T5314] ? asm_exc_invalid_op+0x1a/0x20 [ 76.394333][ T5314] ? __alloc_pages_noprof+0x3c5/0x710 [ 76.396271][ T5314] ? kasan_save_track+0x51/0x80 [ 76.398079][ T5314] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 76.400365][ T5314] ? __lock_acquire+0x1397/0x2100 [ 76.402339][ T5314] ___kmalloc_large_node+0x8b/0x1d0 [ 76.404465][ T5314] __kmalloc_large_node_noprof+0x1a/0x80 [ 76.406543][ T5314] __kmalloc_noprof+0x339/0x4c0 [ 76.408428][ T5314] ? drm_syncobj_array_find+0x3a/0x460 [ 76.410535][ T5314] drm_syncobj_array_find+0x3a/0x460 [ 76.412633][ T5314] drm_syncobj_timeline_signal_ioctl+0x1f2/0x880 [ 76.415028][ T5314] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 76.417542][ T5314] ? drm_dev_enter+0x48/0x160 [ 76.419413][ T5314] drm_ioctl_kernel+0x337/0x440 [ 76.421250][ T5314] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 76.423676][ T5314] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 76.425731][ T5314] ? __might_fault+0xc6/0x120 [ 76.427449][ T5314] drm_ioctl+0x60e/0xad0 [ 76.429142][ T5314] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 76.431696][ T5314] ? __pfx_drm_ioctl+0x10/0x10 [ 76.433445][ T5314] ? __fget_files+0x2a/0x410 [ 76.435166][ T5314] ? __pfx_drm_ioctl+0x10/0x10 [ 76.436948][ T5314] __se_sys_ioctl+0xf5/0x170 [ 76.438734][ T5314] do_syscall_64+0xf3/0x230 [ 76.440161][ T5314] ? 
clear_bhb_loop+0x35/0x90 [ 76.441621][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.443693][ T5314] RIP: 0033:0x7fd205585d29 [ 76.445562][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.452594][ T5314] RSP: 002b:00007fd20638d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.455652][ T5314] RAX: ffffffffffffffda RBX: 00007fd205775fa0 RCX: 00007fd205585d29 [ 76.458838][ T5314] RDX: 0000000020000180 RSI: 00000000c01864cd RDI: 0000000000000003 [ 76.461836][ T5314] RBP: 00007fd205601aa8 R08: 0000000000000000 R09: 0000000000000000 [ 76.464782][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.467760][ T5314] R13: 0000000000000000 R14: 00007fd205775fa0 R15: 00007ffd093394c8 [ 76.470791][ T5314] [ 76.471940][ T5314] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.474567][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 76.478295][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.482087][ T5314] Call Trace: [ 76.483289][ T5314] [ 76.484355][ T5314] dump_stack_lvl+0x241/0x360 [ 76.486129][ T5314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.488053][ T5314] ? __pfx__printk+0x10/0x10 [ 76.489889][ T5314] ? _printk+0xd5/0x120 [ 76.491534][ T5314] ? __init_begin+0x41000/0x41000 [ 76.493526][ T5314] ? vscnprintf+0x5d/0x90 [ 76.495160][ T5314] panic+0x349/0x880 [ 76.496600][ T5314] ? __warn+0x174/0x4d0 [ 76.498189][ T5314] ? __pfx_panic+0x10/0x10 [ 76.499839][ T5314] __warn+0x344/0x4d0 [ 76.501338][ T5314] ? __alloc_pages_noprof+0x3c5/0x710 [ 76.503377][ T5314] report_bug+0x2b3/0x500 [ 76.505179][ T5314] ? 
__alloc_pages_noprof+0x3c5/0x710 [ 76.507264][ T5314] handle_bug+0x60/0x90 [ 76.508856][ T5314] exc_invalid_op+0x1a/0x50 [ 76.510598][ T5314] asm_exc_invalid_op+0x1a/0x20 [ 76.512561][ T5314] RIP: 0010:__alloc_pages_noprof+0x3c5/0x710 [ 76.514866][ T5314] Code: ff df 0f 85 09 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cd 41 89 cd e9 f9 00 00 00 c6 05 e8 bc 0b 0e 01 90 <0f> 0b 90 41 83 fc 0a 0f 86 13 fd ff ff 45 31 e4 48 c7 44 24 20 0e [ 76.522212][ T5314] RSP: 0018:ffffc9000d10f900 EFLAGS: 00010246 [ 76.524573][ T5314] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 76.527529][ T5314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d10f988 [ 76.530620][ T5314] RBP: ffffc9000d10fa18 R08: ffffc9000d10f987 R09: 0000000000000000 [ 76.533697][ T5314] R10: ffffc9000d10f960 R11: fffff52001a21f31 R12: 0000000000000014 [ 76.536611][ T5314] R13: 0000000000040cc0 R14: 1ffff92001a21f28 R15: 1ffff92001a21f24 [ 76.539532][ T5314] ? kasan_save_track+0x51/0x80 [ 76.541307][ T5314] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 76.543475][ T5314] ? __lock_acquire+0x1397/0x2100 [ 76.545185][ T5314] ___kmalloc_large_node+0x8b/0x1d0 [ 76.546985][ T5314] __kmalloc_large_node_noprof+0x1a/0x80 [ 76.548835][ T5314] __kmalloc_noprof+0x339/0x4c0 [ 76.550799][ T5314] ? drm_syncobj_array_find+0x3a/0x460 [ 76.552588][ T5314] drm_syncobj_array_find+0x3a/0x460 [ 76.554357][ T5314] drm_syncobj_timeline_signal_ioctl+0x1f2/0x880 [ 76.556542][ T5314] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 76.558877][ T5314] ? drm_dev_enter+0x48/0x160 [ 76.560451][ T5314] drm_ioctl_kernel+0x337/0x440 [ 76.562297][ T5314] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 76.564760][ T5314] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 76.566718][ T5314] ? __might_fault+0xc6/0x120 [ 76.568387][ T5314] drm_ioctl+0x60e/0xad0 [ 76.569951][ T5314] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 76.572389][ T5314] ? __pfx_drm_ioctl+0x10/0x10 [ 76.574208][ T5314] ? 
__fget_files+0x2a/0x410 [ 76.575919][ T5314] ? __pfx_drm_ioctl+0x10/0x10 [ 76.577738][ T5314] __se_sys_ioctl+0xf5/0x170 [ 76.579478][ T5314] do_syscall_64+0xf3/0x230 [ 76.581178][ T5314] ? clear_bhb_loop+0x35/0x90 [ 76.582965][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.585079][ T5314] RIP: 0033:0x7fd205585d29 [ 76.586737][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.594195][ T5314] RSP: 002b:00007fd20638d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.597447][ T5314] RAX: ffffffffffffffda RBX: 00007fd205775fa0 RCX: 00007fd205585d29 [ 76.600473][ T5314] RDX: 0000000020000180 RSI: 00000000c01864cd RDI: 0000000000000003 [ 76.603564][ T5314] RBP: 00007fd205601aa8 R08: 0000000000000000 R09: 0000000000000000 [ 76.606316][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.608851][ T5314] R13: 0000000000000000 R14: 00007fd205775fa0 R15: 00007ffd093394c8 [ 76.611488][ T5314] [ 76.612778][ T5314] Kernel Offset: disabled [ 76.614230][ T5314] Rebooting in 86400 seconds..