program: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x1, 0x61113, r0, 0x895c1000) (async) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ZERO(r3, 0x0, 0x48f, &(0x7f0000000500)={0x83, @empty, 0x4626, 0x0, 'lc\x00', 0x12, 0x10, 0x26}, 0x2c) (async) sendmsg$inet(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000480)="75c1cc54649640be1983f79c5bfe88cd6a6a000070ab59578db363f4892559f334d436138406b699de69db13fd737428808940bcd0840dc930c81a8bd8b665cd232c5831977dd63ce2c88d43b17760a6e0df533940a702485bb198e47be60c4fe6987e7a0dc395ab72756496f2e0616a18998c294c8e674758ffa13bd6bab2df9ca37a0bd8fc7c843fe86124390c62f05d76038a6e1610780f0310692de128832c32940a6e848b17d1b5a0c20f3229a7a2e353f9363a037dc063e4f73216054cf0409c89cd75165cf27bf7904a0d47cfd06acc1e4606bb5a8d26ace7578e8f5d151eb60e63969461a96c66f9cf4203d5bb7af3f62bc02693a1d5af09c6d1", 0xfe}, {&(0x7f0000000800)="b0fef28adda62f55a0000000000000001abe0a88f67472c3cd975c9884ae01084df2b71b56e2a043b74efe85a30267fae395e8a051934cefd1a1f19f89180ab1fe20a7e4088d8a3f4304feafe592c403cb5d1991683fcbda9a1404998bc92cb28946223165c906e2bed23adce7939d37148e79c6b485db91083de9905e7de49fd8837cf3792d697bf8b29b9c6e8daee80e86778a4a2426e6459d4a30ad36b138b31570d8342f7094ca640633b27e0793a6e21acbc4749413f629ba4de97b84ed9acc06a3d29ef68cd6d32fc4398429c472891f8e244d27a4b6241083efd4ecd2c92d91399de6ddcafbcd07000000000000009d1b7d60c89834010226a9c676907ec017733c1ece82e11b99a4bdc74c8d9d1871be6af0fef62b529af9ab1f37d60a2f967d715b301856b037a7e7dac74416447a090f7b6693bbd2deaf5eebbfc9adff299bafcf57774d0cd93f5524409672b4f35409a8720dc2b78f09198096c60126f911fd42c29cd6fa311e2c8daef3927ccdc90436b2b6ee4c79ff80f6938e0560d9d8e925bdc4fffffffffffffff8d9b7977fff6c4293065de2ff26a041e67954f68871d010d377f9bad3711b3ea5c6361a97d4be9433f950613083805aa4ae31e3aef57eb8d299548df54dffa500"/475, 0x1db}], 0x2}, 0x0) (async) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) (async, rerun: 64) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000300)=@req={0x28, &(0x7f0000000140)={'wlan0\x00', @ifru_data=&(0x7f0000000100)="d5e7146054dcf2a60d54462298c6a7248d2da17cf5c76cd60847854af496a732"}}) (rerun: 64) write$sndseq(r4, &(0x7f0000000000)=[{0x23, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1c) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x0) close(r1) (async) r5 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0200000000000000000000000000010000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbffffff0000000000000000000000000000000000000100000000000000000000000040000033f02607b6e8be245466484ba658defc1318306c97c3361be77c3281485d835ab516e1a4d122dd4b8caa36cd2ea023c06e9cb7f44562"], 0x90) (async) add_key$user(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffe) (async) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) (async) r7 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_disconnect(r7) ioctl$COMEDI_INSNLIST(r6, 0x8010640b, &(0x7f0000000000)={0x1, &(0x7f0000104d40)=[{0x33330000, 0x0, 0x0, 0x0, 0x3333333}]}) (async) request_key(&(0x7f0000000000)='pkcs7_test\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0xffffffffffffffff) (async) syz_clone(0x2b08411, 0x0, 0x0, 0x0, 0x0, 0x0) [ 84.962061][ T5322] Bluetooth: hci0: command tx timeout [ 85.029944][ T5344] IPVS: set_ctl: invalid protocol: 41884 216.252.124.132:16360 [ 85.390768][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 85.547015][ T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 85.551074][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.554498][ T10] usb 5-1: Product: syz [ 85.556975][ T10] usb 5-1: Manufacturer: syz [ 85.559126][ T10] usb 5-1: SerialNumber: syz [ 85.577424][ T10] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 85.622953][ T5342] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 85.861430][ T10] usb 5-1: USB disconnect, device number 2 [ 86.051801][ T5344] ------------[ cut here ]------------ [ 86.054224][ T5344] WARNING: CPU: 0 PID: 5344 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 86.059019][ T5344] Modules linked in: [ 86.061074][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) [ 86.066259][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.070873][ T5344] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 86.073393][ T5344] Code: 74 10 4c 89 e7 89 54 24 0c e8 34 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 03 42 75 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 86.082016][ T5344] RSP: 0018:ffffc9000d42f960 EFLAGS: 00010246 [ 86.084593][ T5344] RAX: ffffc9000d42f900 RBX: 0000000000000019 RCX: 0000000000000000 [ 86.087954][ T5344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d42f9c8 [ 86.091439][ T5344] RBP: ffffc9000d42fa50 R08: ffffc9000d42f9c7 R09: 0000000000000000 [ 86.094797][ T5344] R10: ffffc9000d42f9a0 R11: fffff52001a85f39 R12: 0000000000000000 [ 86.098314][ T5344] R13: 1ffff92001a85f30 R14: 0000000000040dc0 R15: dffffc0000000000 [ 86.102127][ T5344] FS: 00007f28c64da6c0(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000 [ 86.105986][ T5344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.108818][ T5344] CR2: 000055558e349e28 CR3: 00000000434f8000 CR4: 0000000000352ef0 [ 86.112370][ T5344] Call Trace: [ 86.113828][ T5344] [ 86.115097][ T5344] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 86.117724][ T5344] __alloc_pages_noprof+0xa/0x30 [ 86.119964][ T5344] ___kmalloc_large_node+0x85/0x210 [ 86.122414][ T5344] __kmalloc_large_node_noprof+0x18/0x90 [ 86.124762][ T5344] __kmalloc_noprof+0x36f/0x4f0 [ 86.126818][ T5344] ? comedi_unlocked_ioctl+0x9ee/0xf40 [ 86.129290][ T5344] comedi_unlocked_ioctl+0x9ee/0xf40 [ 86.131651][ T5344] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 86.134189][ T5344] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 86.136488][ T5344] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 86.138913][ T5344] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 86.141423][ T5344] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 86.143956][ T5344] ? __lock_acquire+0xab9/0xd20 [ 86.146066][ T5344] ? __fget_files+0x2a/0x420 [ 86.148095][ T5344] ? __fget_files+0x2a/0x420 [ 86.150040][ T5344] ? __fget_files+0x3a0/0x420 [ 86.152167][ T5344] ? __fget_files+0x2a/0x420 [ 86.154282][ T5344] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.156389][ T5344] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 86.158934][ T5344] __se_sys_ioctl+0xf9/0x170 [ 86.160953][ T5344] do_syscall_64+0xfa/0x3b0 [ 86.163018][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.165217][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.167651][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 86.169591][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.172470][ T5344] RIP: 0033:0x7f28c558e9a9 [ 86.174425][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.182584][ T5344] RSP: 002b:00007f28c64da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.185838][ T5344] RAX: ffffffffffffffda RBX: 00007f28c57b5fa0 RCX: 00007f28c558e9a9 [ 86.189034][ T5344] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000008 [ 86.192493][ T5344] RBP: 00007f28c5610d69 R08: 0000000000000000 R09: 0000000000000000 [ 86.195841][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.199110][ T5344] R13: 0000000000000000 R14: 00007f28c57b5fa0 R15: 00007fff6099dda8 [ 86.202359][ T5344] [ 86.203647][ T5344] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 86.206649][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) [ 86.211284][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.215582][ T5344] Call Trace: [ 86.217093][ T5344] [ 86.218640][ T5344] dump_stack_lvl+0x99/0x250 [ 86.220662][ T5344] ? __asan_memcpy+0x40/0x70 [ 86.222641][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.224909][ T5344] ? __pfx__printk+0x10/0x10 [ 86.226971][ T5344] panic+0x2db/0x790 [ 86.228559][ T5344] ? __pfx_panic+0x10/0x10 [ 86.230363][ T5344] ? show_trace_log_lvl+0x4fb/0x550 [ 86.232488][ T5344] __warn+0x31b/0x4b0 [ 86.234182][ T5344] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 86.236543][ T5344] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 86.239185][ T5344] report_bug+0x2be/0x4f0 [ 86.241209][ T5344] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 86.243400][ T5344] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 86.245972][ T5344] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 86.248316][ T5344] handle_bug+0x84/0x160 [ 86.250204][ T5344] exc_invalid_op+0x1a/0x50 [ 86.252203][ T5344] asm_exc_invalid_op+0x1a/0x20 [ 86.254317][ T5344] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 86.257116][ T5344] Code: 74 10 4c 89 e7 89 54 24 0c e8 34 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 03 42 75 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 86.265519][ T5344] RSP: 0018:ffffc9000d42f960 EFLAGS: 00010246 [ 86.268353][ T5344] RAX: ffffc9000d42f900 RBX: 0000000000000019 RCX: 0000000000000000 [ 86.271706][ T5344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d42f9c8 [ 86.274935][ T5344] RBP: ffffc9000d42fa50 R08: ffffc9000d42f9c7 R09: 0000000000000000 [ 86.278458][ T5344] R10: ffffc9000d42f9a0 R11: fffff52001a85f39 R12: 0000000000000000 [ 86.281949][ T5344] R13: 1ffff92001a85f30 R14: 0000000000040dc0 R15: dffffc0000000000 [ 86.285261][ T5344] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 86.287943][ T5344] __alloc_pages_noprof+0xa/0x30 [ 86.290021][ T5344] ___kmalloc_large_node+0x85/0x210 [ 86.292185][ T5344] __kmalloc_large_node_noprof+0x18/0x90 [ 86.294619][ T5344] __kmalloc_noprof+0x36f/0x4f0 [ 86.296714][ T5344] ? comedi_unlocked_ioctl+0x9ee/0xf40 [ 86.299051][ T5344] comedi_unlocked_ioctl+0x9ee/0xf40 [ 86.301221][ T5344] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 86.303656][ T5344] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 86.306056][ T5344] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 86.308523][ T5344] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 86.311153][ T5344] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 86.314038][ T5344] ? __lock_acquire+0xab9/0xd20 [ 86.316125][ T5344] ? __fget_files+0x2a/0x420 [ 86.318084][ T5344] ? __fget_files+0x2a/0x420 [ 86.319959][ T5344] ? __fget_files+0x3a0/0x420 [ 86.321926][ T5344] ? __fget_files+0x2a/0x420 [ 86.323679][ T5344] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.325771][ T5344] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 86.328280][ T5344] __se_sys_ioctl+0xf9/0x170 [ 86.330390][ T5344] do_syscall_64+0xfa/0x3b0 [ 86.332209][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.334431][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.336804][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 86.338935][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.341307][ T5344] RIP: 0033:0x7f28c558e9a9 [ 86.343291][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.351521][ T5344] RSP: 002b:00007f28c64da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.355143][ T5344] RAX: ffffffffffffffda RBX: 00007f28c57b5fa0 RCX: 00007f28c558e9a9 [ 86.358467][ T5344] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000008 [ 86.361842][ T5344] RBP: 00007f28c5610d69 R08: 0000000000000000 R09: 0000000000000000 [ 86.365208][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.368733][ T5344] R13: 0000000000000000 R14: 00007f28c57b5fa0 R15: 00007fff6099dda8 [ 86.372165][ T5344] [ 86.373824][ T5344] Kernel Offset: disabled [ 86.375754][ T5344] Rebooting in 86400 seconds..