program:
# syzkaller reproducer text for the kernel WARNING in the console log that follows it:
# mm/page_alloc.c:5202 in __alloc_frozen_pages_noprof, reached (per the Call Trace) through
# drm_syncobj_timeline_wait_ioctl -> drm_syncobj_array_find -> __kmalloc_noprof.
# The log then prints "panic_on_warn set", so on this test kernel the WARNING is
# escalated to a panic; the trace itself shows only an allocator warning.
# The log shows the task running as UID 0 under QEMU.
# NOTE(review): whether an unprivileged caller can reach the same path depends on
# DRM device-node permissions, which this page does not show.
#
# NOTE(review): r2 and r5 are used below but never assigned anywhere in this text.
# syzkaller normally binds such results with an <rN=> marker inside the output struct;
# those markers were presumably lost in extraction (the Call Trace also has empty
# records where <TASK> markers would normally be). Restore them from the original
# report before replaying this program.
#
# NOTE(review): only the TIMELINE_WAIT ioctl appears on the crashing call path. The
# io_uring, iommufd, netfilter, BPF, tty and watch_queue calls may be fuzzer noise;
# minimise the program before drawing conclusions about what is required.

# io_uring instance; r0 is only reused as the first fd of close_range() at the end.
r0 = io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0xfffffffe, 0x0, 0x0, 0x2b4})
# First DRM device fd (syzkaller pseudo-syscall that opens a device node).
r1 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
# Creates a sync object on r1. NOTE(review): presumably the source of r2 - binding not visible.
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000000)={0x0, 0x1})
# Second DRM device fd; the crashing ioctl below is issued on this one.
r3 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
# iommufd setup. NOTE(review): r5 is presumably the IOAS id returned by IOAS_ALLOC - binding not visible.
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1})
# Opens 'memory.events', writes to it, then maps that fd over 0x7f0000000000/0x3000.
# That range contains 0x7f0000000040 and 0x7f00000000c0, the argument addresses used by
# the TIMELINE_WAIT ioctl below.
# NOTE(review): after this mapping, and the mprotect(..., 0x1) further down, the bytes
# the kernel reads at those addresses may differ from the struct literals printed in
# this text; check the real memory contents when triaging the allocation size.
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r4, 0x3ba0, &(0x7f00000002c0)={0x48, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2})
# Netfilter netlink socket and one NFT batch message; the payload is an opaque 0xdc-byte blob.
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000820000000000a0103000000000000000001000000090001006e8266c4186a924f20bf498ee5be73797a300000000040000200030a01020000000000000000010000000900030073797a32000000001400048007ffe7400000000008000140000000000900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000002c0004802800018008000100666962001c0002800800014000000011080003400000000e0800024000000001140000001100"], 0xdc}}, 0x0)
# Injects one Ethernet frame; the tags mark it as an IPv6 (0x86dd) GRE packet.
syz_emit_ethernet(0x5ee, &(0x7f0000000dc0)={@link_local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "0961d3", 0x44, 0x2f, 0xff, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x1}, {0x0, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x1, {{0x6, 0x1, 0x8, 0x3, 0x0, 0x0, 0x3, 0x2}, 0x1, {0x9}}}, {0x8, 0x22eb, 0x4, {{0x1, 0x2, 0x1, 0x3, 0x1, 0x3, 0x7, 0x6}, 0x2, {0x9, 0xe, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1}}}}}}}}}, 0x0)
# Second sync-object create, this time on r3; no struct contents are given for the argument.
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, &(0x7f0000000140))
# Issued on fd -1 (0xffffffffffffffff).
sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8040)
# Loads a BPF program tagged @sched_cls with license 'GPL', then attach/detach calls.
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=0x1, @ANYRES32=r8, @ANYBLOB='.\x00'], 0x20)
# Changes protection of the range mapped from r6 above to 0x1.
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@fallback, 0xffffffffffffffff, 0x7}, 0x20)
# The call on the crashing path. The user-mode registers in the log (RSI 0xc03064ca,
# RDX 0x2000000000c0, ORIG_RAX 0x10) match this ioctl command and its argument
# address, which syzkaller prints as 0x7f00000000c0.
# NOTE(review): the trace places the WARNING inside the allocation made at
# drm_syncobj_array_find+0x3a, via the __kmalloc_large_node_noprof path. When fixing,
# confirm how the handle count copied from user memory is bounded before that allocation.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r3, 0xc03064ca, &(0x7f00000000c0)={&(0x7f0000000040)=[r2], 0x0, 0xa00000000000, 0x1, 0x6})
# Remaining calls come after the crashing ioctl in program order.
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r9, 0x560a, &(0x7f0000000040)={0x0, 0x0, 0x2, 0xfffe, 0x3, 0x3})
close_range(r0, 0xffffffffffffffff, 0x0)
pipe2$watch_queue(&(0x7f0000000280), 0x80)
[ 84.788375][ T5326] ------------[ cut here ]------------ [ 84.790993][ T5326] 1 [ 84.791005][ T5326] WARNING: mm/page_alloc.c:5202 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5326 [ 84.796753][ T5326] Modules linked in: [ 84.798542][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.802406][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.806805][ T5326] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 84.809707][ T5326] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b dc 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 b4 38 f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 84.817977][ T5326] RSP: 0018:ffffc9000df1f8a0 EFLAGS: 00010246 [ 84.820675][ T5326] RAX: ffffc9000df1f800 RBX: 0000000000000016 RCX: 0000000000000000 [ 84.824204][ T5326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000df1f908 [ 84.827704][ T5326] RBP: ffffc9000df1f990 R08: ffffc9000df1f907 R09: 0000000000000000 [ 84.831144][ 
T5326] R10: ffffc9000df1f8e0 R11: fffff52001be3f21 R12: 0000000000000000 [ 84.834613][ T5326] R13: 1ffff92001be3f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 84.838095][ T5326] FS: 00007f0eb2ba86c0(0000) GS:ffff88808c87c000(0000) knlGS:0000000000000000 [ 84.842248][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.845101][ T5326] CR2: 00005610142cd660 CR3: 0000000012c05000 CR4: 0000000000352ef0 [ 84.848735][ T5326] Call Trace: [ 84.850312][ T5326] [ 84.851658][ T5326] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 84.854397][ T5326] ? __pfx_policy_nodemask+0x10/0x10 [ 84.856625][ T5326] ? kasan_save_track+0x4f/0x80 [ 84.859413][ T5326] ? kasan_save_track+0x3e/0x80 [ 84.861929][ T5326] ? kasan_save_free_info+0x46/0x50 [ 84.864199][ T5326] ? kfree+0x1c5/0x640 [ 84.866006][ T5326] ? tomoyo_path_number_perm+0x501/0x630 [ 84.868471][ T5326] ? security_file_ioctl+0xc3/0x2a0 [ 84.870670][ T5326] ? __se_sys_ioctl+0x47/0x170 [ 84.873084][ T5326] alloc_pages_mpol+0x235/0x490 [ 84.875463][ T5326] ___kmalloc_large_node+0x4e/0x120 [ 84.877946][ T5326] __kmalloc_large_node_noprof+0x18/0x90 [ 84.880398][ T5326] __kmalloc_noprof+0x3e8/0x760 [ 84.882582][ T5326] ? drm_syncobj_array_find+0x3a/0x440 [ 84.885189][ T5326] drm_syncobj_array_find+0x3a/0x440 [ 84.888868][ T5326] drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0 [ 84.892328][ T5326] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 84.895377][ T5326] drm_ioctl_kernel+0x2df/0x3b0 [ 84.897466][ T5326] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 84.900320][ T5326] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 84.902594][ T5326] drm_ioctl+0x6ba/0xb80 [ 84.904372][ T5326] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 84.907471][ T5326] ? __pfx_drm_ioctl+0x10/0x10 [ 84.909444][ T5326] ? __fget_files+0x2a/0x420 [ 84.911427][ T5326] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.913476][ T5326] ? __pfx_drm_ioctl+0x10/0x10 [ 84.915583][ T5326] __se_sys_ioctl+0xfc/0x170 [ 84.917524][ T5326] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.919987][ T5326] do_syscall_64+0x15f/0xf80 [ 84.922057][ T5326] ? trace_irq_disable+0x3b/0x140 [ 84.924252][ T5326] ? clear_bhb_loop+0x40/0x90 [ 84.926386][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.928997][ T5326] RIP: 0033:0x7f0eb1d9ce59 [ 84.931102][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.939555][ T5326] RSP: 002b:00007f0eb2ba7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.943273][ T5326] RAX: ffffffffffffffda RBX: 00007f0eb2015fa0 RCX: 00007f0eb1d9ce59 [ 84.946816][ T5326] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 0000000000000005 [ 84.950390][ T5326] RBP: 00007f0eb1e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 84.953752][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.957011][ T5326] R13: 00007f0eb2016038 R14: 00007f0eb2015fa0 R15: 00007ffec2d23498 [ 84.960324][ T5326] [ 84.961587][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 84.964662][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.968477][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.972755][ T5326] Call Trace: [ 84.974313][ T5326] [ 84.975591][ T5326] vpanic+0x56c/0xa60 [ 84.977314][ T5326] ? __pfx__printk+0x10/0x10 [ 84.979321][ T5326] ? __pfx_vpanic+0x10/0x10 [ 84.981330][ T5326] ? is_bpf_text_address+0x292/0x2b0 [ 84.983575][ T5326] ? is_bpf_text_address+0x26/0x2b0 [ 84.985792][ T5326] panic+0xc5/0xd0 [ 84.987381][ T5326] ? __pfx_panic+0x10/0x10 [ 84.989370][ T5326] __warn+0x315/0x4c0 [ 84.991081][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 84.993649][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 84.995970][ T5326] __report_bug+0x29a/0x540 [ 84.997813][ T5326] ? 
__alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.000128][ T5326] ? __pfx___report_bug+0x10/0x10 [ 85.002506][ T5326] ? is_bpf_text_address+0x26/0x2b0 [ 85.004748][ T5326] ? is_bpf_text_address+0x292/0x2b0 [ 85.007034][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.009711][ T5326] report_bug+0x16a/0x220 [ 85.011672][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.014344][ T5326] ? __alloc_frozen_pages_noprof+0x2d3/0x380 [ 85.016861][ T5326] handle_bug+0x9c/0x200 [ 85.018705][ T5326] exc_invalid_op+0x1a/0x50 [ 85.020691][ T5326] asm_exc_invalid_op+0x1a/0x20 [ 85.022722][ T5326] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.025383][ T5326] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b dc 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 b4 38 f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.033160][ T5326] RSP: 0018:ffffc9000df1f8a0 EFLAGS: 00010246 [ 85.035921][ T5326] RAX: ffffc9000df1f800 RBX: 0000000000000016 RCX: 0000000000000000 [ 85.039377][ T5326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000df1f908 [ 85.042859][ T5326] RBP: ffffc9000df1f990 R08: ffffc9000df1f907 R09: 0000000000000000 [ 85.046320][ T5326] R10: ffffc9000df1f8e0 R11: fffff52001be3f21 R12: 0000000000000000 [ 85.049832][ T5326] R13: 1ffff92001be3f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.053311][ T5326] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.055931][ T5326] ? __pfx_policy_nodemask+0x10/0x10 [ 85.058271][ T5326] ? kasan_save_track+0x4f/0x80 [ 85.060462][ T5326] ? kasan_save_track+0x3e/0x80 [ 85.062600][ T5326] ? kasan_save_free_info+0x46/0x50 [ 85.064896][ T5326] ? kfree+0x1c5/0x640 [ 85.066683][ T5326] ? tomoyo_path_number_perm+0x501/0x630 [ 85.069139][ T5326] ? security_file_ioctl+0xc3/0x2a0 [ 85.071495][ T5326] ? 
__se_sys_ioctl+0x47/0x170 [ 85.073588][ T5326] alloc_pages_mpol+0x235/0x490 [ 85.075673][ T5326] ___kmalloc_large_node+0x4e/0x120 [ 85.077984][ T5326] __kmalloc_large_node_noprof+0x18/0x90 [ 85.080399][ T5326] __kmalloc_noprof+0x3e8/0x760 [ 85.082529][ T5326] ? drm_syncobj_array_find+0x3a/0x440 [ 85.084823][ T5326] drm_syncobj_array_find+0x3a/0x440 [ 85.087079][ T5326] drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0 [ 85.089814][ T5326] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.092864][ T5326] drm_ioctl_kernel+0x2df/0x3b0 [ 85.095086][ T5326] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.097983][ T5326] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.100293][ T5326] drm_ioctl+0x6ba/0xb80 [ 85.102236][ T5326] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 85.105039][ T5326] ? __pfx_drm_ioctl+0x10/0x10 [ 85.107176][ T5326] ? __fget_files+0x2a/0x420 [ 85.109422][ T5326] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.111706][ T5326] ? __pfx_drm_ioctl+0x10/0x10 [ 85.113760][ T5326] __se_sys_ioctl+0xfc/0x170 [ 85.115801][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.118351][ T5326] do_syscall_64+0x15f/0xf80 [ 85.120289][ T5326] ? trace_irq_disable+0x3b/0x140 [ 85.122517][ T5326] ? 
clear_bhb_loop+0x40/0x90 [ 85.124554][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.127085][ T5326] RIP: 0033:0x7f0eb1d9ce59 [ 85.129058][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.137304][ T5326] RSP: 002b:00007f0eb2ba7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.141016][ T5326] RAX: ffffffffffffffda RBX: 00007f0eb2015fa0 RCX: 00007f0eb1d9ce59 [ 85.144439][ T5326] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 0000000000000005 [ 85.147958][ T5326] RBP: 00007f0eb1e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.151469][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.154923][ T5326] R13: 00007f0eb2016038 R14: 00007f0eb2015fa0 R15: 00007ffec2d23498 [ 85.158490][ T5326] [ 85.160285][ T5326] Kernel Offset: disabled [ 85.162154][ T5326] Rebooting in 86400 seconds..