program:
# Fuzzer-generated syscall program (syzkaller notation), reformatted one call per line.
# Per the console log below, the task dies in an ioctl (ORIG_RAX=0x10) with
# RSI=0xc01864cd; that request number appears exactly once here, on the
# DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL call. The trace runs
# drm_syncobj_timeline_signal_ioctl -> drm_syncobj_array_find -> __kmalloc_noprof
# -> __alloc_frozen_pages_noprof, where the WARNING at mm/page_alloc.c:5216 fires.
# The log reports "panic_on_warn set", so the WARNING itself is what turns into the panic.
# None of the VMCI, CAIF, F2FS or netlink calls appear in that call trace.
ioprio_set$uid(0x3, 0xee01, 0x0)
# r0: socket with family 0x10, reused by the last two calls of the program.
r0 = socket(0x10, 0x3, 0x0)
# r1: first DRM device handle; this is the fd the TIMELINE_SIGNAL ioctl is issued on.
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f00000003c0))
# r2: second DRM device handle, opened with different flags (0x40502).
r2 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
# r3 / r4: two VMCI handles, each versioned and given a context before queue-pair calls.
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000240)={@hyper})
# r5: CAIF seqpacket socket; the F2FS ioctl is issued on this socket fd, not on an F2FS file.
r5 = socket$caif_seqpacket(0x25, 0x5, 0x1)
ioctl$F2FS_IOC_FLUSH_DEVICE(r5, 0x4008f50a, &(0x7f0000000100)={0xd40, 0x5})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0xfffffffffffffff9})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r3, 0x7a9, &(0x7f0000000340)={{@hyper, 0x2}, 0xe147, 0x6, 0x69c9, 0x949, 0x100, 0x385a2d2f, 0x6, 0x100000000})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1})
# Call matching the trace. The third field, 0x400001f7, is presumably the handle
# count of the timeline array argument (TODO confirm against the DRM uapi struct).
# drm_syncobj_array_find reaches __kmalloc_noprof at +0x3a, so the request size looks
# caller-controlled; with 4-byte handles it would be just over 4 GiB, and RBX=0x15 in
# the register dump would be consistent with an order-21 page request -- confirm.
# NOTE(review): for triage, the fix belongs in the allocation path (bound the count
# or use an allocation that fails quietly on oversized requests), not in this program.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000080)={&(0x7f0000000580), 0x0, 0x400001f7})
# NOTE(review): r6 is never assigned in the visible program; its binding may have
# been lost when the page was extracted -- confirm against the original reproducer.
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r1, 0xc00864c0, &(0x7f0000000440)={r6})
# Netlink traffic: the first send uses fd 0xffffffffffffffff (-1); the rest use r0.
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="3000000010000108fdff763f0000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000008001a8004002d"], 0x30}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
[ 75.138011][ T5299] Bluetooth: hci0: command tx timeout [ 75.208745][ T5318] ------------[ cut here ]------------ [ 75.211364][ T5318] 1 [ 75.211376][ T5318] WARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: 
syz.0.0/5318 [ 75.218189][ T5318] Modules linked in: [ 75.219996][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.223486][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.228267][ T5318] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 75.230990][ T5318] Code: 74 10 4c 89 e7 89 54 24 0c e8 8b ca 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 14 b6 9b 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.239933][ T5318] RSP: 0018:ffffc90001a97920 EFLAGS: 00010246 [ 75.242646][ T5318] RAX: ffffc90001a97900 RBX: 0000000000000015 RCX: 0000000000000000 [ 75.245898][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90001a97988 [ 75.249341][ T5318] RBP: ffffc90001a97a20 R08: ffffc90001a97987 R09: 0000000000000000 [ 75.252670][ T5318] R10: ffffc90001a97960 R11: fffff52000352f31 R12: 0000000000000000 [ 75.256392][ T5318] R13: 1ffff92000352f28 R14: 0000000000040cc0 R15: dffffc0000000000 [ 75.260034][ T5318] FS: 00007effcb77c6c0(0000) GS:ffff88808cf1b000(0000) knlGS:0000000000000000 [ 75.263988][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.267124][ T5318] CR2: 00007effcabe5558 CR3: 000000001166f000 CR4: 0000000000352ef0 [ 75.270861][ T5318] Call Trace: [ 75.272402][ T5318] [ 75.274045][ T5318] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.277177][ T5318] ? kfree+0x1be/0x650 [ 75.279062][ T5318] ? policy_nodemask+0x27c/0x710 [ 75.281313][ T5318] alloc_pages_mpol+0x232/0x4a0 [ 75.283514][ T5318] ___kmalloc_large_node+0x4e/0x150 [ 75.285868][ T5318] __kmalloc_large_node_noprof+0x18/0x90 [ 75.288634][ T5318] __kmalloc_noprof+0x4b8/0x7e0 [ 75.290902][ T5318] ? drm_syncobj_array_find+0x3a/0x450 [ 75.293458][ T5318] ? drm_dev_enter+0x49/0x150 [ 75.295479][ T5318] drm_syncobj_array_find+0x3a/0x450 [ 75.297809][ T5318] drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0 [ 75.300474][ T5318] ? 
drm_dev_exit+0x3a/0x60 [ 75.302329][ T5318] drm_ioctl_kernel+0x2df/0x3b0 [ 75.304035][ T5318] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 75.306744][ T5318] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 75.309220][ T5318] drm_ioctl+0x6ba/0xb80 [ 75.311206][ T5318] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 75.314842][ T5318] ? __pfx_drm_ioctl+0x10/0x10 [ 75.317108][ T5318] ? __fget_files+0x2a/0x420 [ 75.319607][ T5318] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.321804][ T5318] ? __pfx_drm_ioctl+0x10/0x10 [ 75.323899][ T5318] __se_sys_ioctl+0xfc/0x170 [ 75.325964][ T5318] do_syscall_64+0xe2/0xf80 [ 75.328107][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.330807][ T5318] ? trace_irq_disable+0x37/0x100 [ 75.333043][ T5318] ? clear_bhb_loop+0x60/0xb0 [ 75.335130][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.337863][ T5318] RIP: 0033:0x7effca99acb9 [ 75.339837][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.348229][ T5318] RSP: 002b:00007effcb77c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.351855][ T5318] RAX: ffffffffffffffda RBX: 00007effcac15fa0 RCX: 00007effca99acb9 [ 75.355442][ T5318] RDX: 0000200000000080 RSI: 00000000c01864cd RDI: 0000000000000004 [ 75.359036][ T5318] RBP: 00007effcaa08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 75.362459][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.366134][ T5318] R13: 00007effcac16038 R14: 00007effcac15fa0 R15: 00007ffc4e46ba68 [ 75.369562][ T5318] [ 75.370958][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 75.373963][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.377446][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.381105][ T5318] Call Trace: [ 75.382425][ T5318] [ 75.383749][ T5318] vpanic+0x1e0/0x670 [ 75.385548][ T5318] panic+0xc5/0xd0 [ 75.387071][ T5318] ? __pfx_panic+0x10/0x10 [ 75.388932][ T5318] __warn+0x315/0x4a0 [ 75.390618][ T5318] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 75.393108][ T5318] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 75.395497][ T5318] __report_bug+0x29a/0x540 [ 75.397241][ T5318] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 75.399619][ T5318] ? __pfx___report_bug+0x10/0x10 [ 75.401507][ T5318] ? is_bpf_text_address+0x26/0x2b0 [ 75.403699][ T5318] ? is_bpf_text_address+0x292/0x2b0 [ 75.405888][ T5318] ? is_bpf_text_address+0x26/0x2b0 [ 75.407988][ T5318] ? kernel_text_address+0xa5/0xe0 [ 75.410285][ T5318] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 75.412951][ T5318] report_bug+0x16a/0x220 [ 75.414924][ T5318] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 75.417415][ T5318] ? 
__alloc_frozen_pages_noprof+0x2d3/0x380 [ 75.419765][ T5318] handle_bug+0x98/0x200 [ 75.421300][ T5318] exc_invalid_op+0x1a/0x50 [ 75.423109][ T5318] asm_exc_invalid_op+0x1a/0x20 [ 75.424941][ T5318] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 75.427589][ T5318] Code: 74 10 4c 89 e7 89 54 24 0c e8 8b ca 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 14 b6 9b 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 75.435949][ T5318] RSP: 0018:ffffc90001a97920 EFLAGS: 00010246 [ 75.438689][ T5318] RAX: ffffc90001a97900 RBX: 0000000000000015 RCX: 0000000000000000 [ 75.442213][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90001a97988 [ 75.445568][ T5318] RBP: ffffc90001a97a20 R08: ffffc90001a97987 R09: 0000000000000000 [ 75.448795][ T5318] R10: ffffc90001a97960 R11: fffff52000352f31 R12: 0000000000000000 [ 75.452131][ T5318] R13: 1ffff92000352f28 R14: 0000000000040cc0 R15: dffffc0000000000 [ 75.455413][ T5318] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 75.458181][ T5318] ? kfree+0x1be/0x650 [ 75.459991][ T5318] ? policy_nodemask+0x27c/0x710 [ 75.462201][ T5318] alloc_pages_mpol+0x232/0x4a0 [ 75.464394][ T5318] ___kmalloc_large_node+0x4e/0x150 [ 75.466703][ T5318] __kmalloc_large_node_noprof+0x18/0x90 [ 75.469212][ T5318] __kmalloc_noprof+0x4b8/0x7e0 [ 75.471340][ T5318] ? drm_syncobj_array_find+0x3a/0x450 [ 75.473751][ T5318] ? drm_dev_enter+0x49/0x150 [ 75.475876][ T5318] drm_syncobj_array_find+0x3a/0x450 [ 75.478134][ T5318] drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0 [ 75.480804][ T5318] ? drm_dev_exit+0x3a/0x60 [ 75.482827][ T5318] drm_ioctl_kernel+0x2df/0x3b0 [ 75.485004][ T5318] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 75.487686][ T5318] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 75.489868][ T5318] drm_ioctl+0x6ba/0xb80 [ 75.491583][ T5318] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 75.494480][ T5318] ? __pfx_drm_ioctl+0x10/0x10 [ 75.496747][ T5318] ? 
__fget_files+0x2a/0x420 [ 75.498789][ T5318] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.500946][ T5318] ? __pfx_drm_ioctl+0x10/0x10 [ 75.503216][ T5318] __se_sys_ioctl+0xfc/0x170 [ 75.505364][ T5318] do_syscall_64+0xe2/0xf80 [ 75.507424][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.510147][ T5318] ? trace_irq_disable+0x37/0x100 [ 75.512425][ T5318] ? clear_bhb_loop+0x60/0xb0 [ 75.514744][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.517447][ T5318] RIP: 0033:0x7effca99acb9 [ 75.519416][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.527564][ T5318] RSP: 002b:00007effcb77c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.530721][ T5318] RAX: ffffffffffffffda RBX: 00007effcac15fa0 RCX: 00007effca99acb9 [ 75.534092][ T5318] RDX: 0000200000000080 RSI: 00000000c01864cd RDI: 0000000000000004 [ 75.537335][ T5318] RBP: 00007effcaa08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 75.540526][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.543568][ T5318] R13: 00007effcac16038 R14: 00007effcac15fa0 R15: 00007ffc4e46ba68 [ 75.546971][ T5318] [ 75.548555][ T5318] Kernel Offset: disabled [ 75.550421][ T5318] Rebooting in 86400 seconds..