program: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) (async) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000) ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r1, 0xc02864c3, &(0x7f0000000080)={0x0, 0xfff, 0xffffffffffffffca, 0x4}) (async) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4, 0x3}, 0x1c) setresuid(0x0, 0xee00, 0x0) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = gettid() (async) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r4 = syz_open_procfs(r3, &(0x7f0000000040)='net/connector\x00') read$FUSE(r4, &(0x7f00000036c0)={0x2020}, 0x2020) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0xe, @ipv4={'\x00', '\xff\xff', @remote}, 0x80000000}, 0x1c) [ 87.420068][ T5291] Bluetooth: hci0: command tx timeout [ 87.504128][ T5331] ------------[ cut here ]------------ [ 87.506578][ T5331] 1 [ 87.506588][ T5331] WARNING: mm/page_alloc.c:5202 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5331 [ 87.512083][ T5331] Modules linked in: [ 87.513778][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.517785][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 87.522217][ T5331] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.525111][ T5331] Code: 74 10 4c 89 e7 89 54 24 0c e8 eb db 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 5b 22 f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 87.533711][ T5331] RSP: 0018:ffffc9000748f8c0 EFLAGS: 00010246 [ 87.536177][ T5331] RAX: ffffc9000748f900 RBX: 0000000000000016 RCX: 0000000000000000 [ 87.539531][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000748f928 [ 87.542550][ T5331] RBP: ffffc9000748f9b0 R08: ffffc9000748f927 R09: 0000000000000000 [ 87.545643][ T5331] R10: ffffc9000748f900 R11: fffff52000e91f25 R12: 0000000000000000 [ 87.549063][ 
T5331] R13: 1ffff92000e91f1c R14: 0000000000040cc0 R15: dffffc0000000000 [ 87.552468][ T5331] FS: 00007f68281b46c0(0000) GS:ffff88808c87e000(0000) knlGS:0000000000000000 [ 87.556629][ T5331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.559810][ T5331] CR2: 00007f682814d9d0 CR3: 0000000033950000 CR4: 0000000000352ef0 [ 87.563239][ T5331] Call Trace: [ 87.564748][ T5331] <TASK> [ 87.566032][ T5331] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 87.568838][ T5331] ? __pfx_policy_nodemask+0x10/0x10 [ 87.571197][ T5331] ? kasan_save_free_info+0x46/0x50 [ 87.573441][ T5331] ? __kasan_slab_free+0x5c/0x80 [ 87.575610][ T5331] ? kfree+0x1c5/0x640 [ 87.577394][ T5331] ? tomoyo_path_number_perm+0x501/0x630 [ 87.579827][ T5331] ? security_file_ioctl+0xc3/0x2a0 [ 87.582007][ T5331] ? do_syscall_64+0x15f/0xf80 [ 87.584110][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.586623][ T5331] alloc_pages_mpol+0x235/0x490 [ 87.588943][ T5331] ___kmalloc_large_node+0x4e/0x120 [ 87.591166][ T5331] __kmalloc_large_node_noprof+0x18/0x90 [ 87.593496][ T5331] __kmalloc_noprof+0x3e8/0x760 [ 87.595557][ T5331] ? drm_syncobj_array_find+0x3a/0x440 [ 87.598012][ T5331] drm_syncobj_array_find+0x3a/0x440 [ 87.600350][ T5331] drm_syncobj_wait_ioctl+0x200/0x690 [ 87.602653][ T5331] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.605130][ T5331] drm_ioctl_kernel+0x2df/0x3b0 [ 87.607243][ T5331] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.609864][ T5331] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 87.612340][ T5331] drm_ioctl+0x6ba/0xb80 [ 87.614226][ T5331] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.616719][ T5331] ? __pfx_drm_ioctl+0x10/0x10 [ 87.618757][ T5331] ? __fget_files+0x2a/0x420 [ 87.620836][ T5331] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.622846][ T5331] ? __pfx_drm_ioctl+0x10/0x10 [ 87.625008][ T5331] __se_sys_ioctl+0xfc/0x170 [ 87.627058][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.629682][ T5331] do_syscall_64+0x15f/0xf80 [ 87.631504][ T5331] ? 
trace_irq_disable+0x3b/0x140 [ 87.633687][ T5331] ? clear_bhb_loop+0x40/0x90 [ 87.635699][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.638393][ T5331] RIP: 0033:0x7f682739ce59 [ 87.640352][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.648263][ T5331] RSP: 002b:00007f68281b3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.651805][ T5331] RAX: ffffffffffffffda RBX: 00007f6827615fa0 RCX: 00007f682739ce59 [ 87.655347][ T5331] RDX: 0000200000000080 RSI: 00000000c02864c3 RDI: 0000000000000004 [ 87.659420][ T5331] RBP: 00007f6827432d6f R08: 0000000000000000 R09: 0000000000000000 [ 87.662875][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.666837][ T5331] R13: 00007f6827616038 R14: 00007f6827615fa0 R15: 00007ffd3d0834e8 [ 87.671895][ T5331] </TASK> [ 87.673366][ T5331] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 87.676483][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.680476][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 87.684750][ T5331] Call Trace: [ 87.686172][ T5331] <TASK> [ 87.687415][ T5331] vpanic+0x56c/0xa60 [ 87.689094][ T5331] ? __pfx__printk+0x10/0x10 [ 87.691090][ T5331] ? __pfx_vpanic+0x10/0x10 [ 87.693028][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 87.695294][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 87.697462][ T5331] panic+0xc5/0xd0 [ 87.699117][ T5331] ? __pfx_panic+0x10/0x10 [ 87.701124][ T5331] __warn+0x315/0x4c0 [ 87.702897][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.705458][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.708014][ T5331] __report_bug+0x29a/0x540 [ 87.710126][ T5331] ? unwind_next_frame+0xa6/0x2550 [ 87.712316][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.714866][ T5331] ? 
__pfx___report_bug+0x10/0x10 [ 87.717032][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 87.719255][ T5331] ? is_bpf_text_address+0x292/0x2b0 [ 87.721470][ T5331] ? is_bpf_text_address+0x26/0x2b0 [ 87.723722][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.726366][ T5331] report_bug+0x16a/0x220 [ 87.728313][ T5331] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.731045][ T5331] ? __alloc_frozen_pages_noprof+0x2d3/0x380 [ 87.733734][ T5331] handle_bug+0x9c/0x200 [ 87.735655][ T5331] exc_invalid_op+0x1a/0x50 [ 87.737692][ T5331] asm_exc_invalid_op+0x1a/0x20 [ 87.739881][ T5331] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.742688][ T5331] Code: 74 10 4c 89 e7 89 54 24 0c e8 eb db 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 5b 22 f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 87.750635][ T5331] RSP: 0018:ffffc9000748f8c0 EFLAGS: 00010246 [ 87.753237][ T5331] RAX: ffffc9000748f900 RBX: 0000000000000016 RCX: 0000000000000000 [ 87.756462][ T5331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000748f928 [ 87.759749][ T5331] RBP: ffffc9000748f9b0 R08: ffffc9000748f927 R09: 0000000000000000 [ 87.763095][ T5331] R10: ffffc9000748f900 R11: fffff52000e91f25 R12: 0000000000000000 [ 87.766473][ T5331] R13: 1ffff92000e91f1c R14: 0000000000040cc0 R15: dffffc0000000000 [ 87.769790][ T5331] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 87.772694][ T5331] ? __pfx_policy_nodemask+0x10/0x10 [ 87.774950][ T5331] ? kasan_save_free_info+0x46/0x50 [ 87.777222][ T5331] ? __kasan_slab_free+0x5c/0x80 [ 87.779238][ T5331] ? kfree+0x1c5/0x640 [ 87.780992][ T5331] ? tomoyo_path_number_perm+0x501/0x630 [ 87.783362][ T5331] ? security_file_ioctl+0xc3/0x2a0 [ 87.785672][ T5331] ? do_syscall_64+0x15f/0xf80 [ 87.788030][ T5331] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.790726][ T5331] alloc_pages_mpol+0x235/0x490 [ 87.792843][ T5331] ___kmalloc_large_node+0x4e/0x120 [ 87.795138][ T5331] __kmalloc_large_node_noprof+0x18/0x90 [ 87.797445][ T5331] __kmalloc_noprof+0x3e8/0x760 [ 87.799151][ T5331] ? drm_syncobj_array_find+0x3a/0x440 [ 87.801318][ T5331] drm_syncobj_array_find+0x3a/0x440 [ 87.803447][ T5331] drm_syncobj_wait_ioctl+0x200/0x690 [ 87.805674][ T5331] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.808126][ T5331] drm_ioctl_kernel+0x2df/0x3b0 [ 87.810285][ T5331] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.812641][ T5331] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 87.814752][ T5331] drm_ioctl+0x6ba/0xb80 [ 87.816300][ T5331] ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10 [ 87.818612][ T5331] ? __pfx_drm_ioctl+0x10/0x10 [ 87.820501][ T5331] ? __fget_files+0x2a/0x420 [ 87.822389][ T5331] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.824528][ T5331] ? __pfx_drm_ioctl+0x10/0x10 [ 87.826403][ T5331] __se_sys_ioctl+0xfc/0x170 [ 87.828339][ T5331] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.830835][ T5331] do_syscall_64+0x15f/0xf80 [ 87.832801][ T5331] ? trace_irq_disable+0x3b/0x140 [ 87.835001][ T5331] ? 
clear_bhb_loop+0x40/0x90 [ 87.836946][ T5331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.839174][ T5331] RIP: 0033:0x7f682739ce59 [ 87.841136][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.849239][ T5331] RSP: 002b:00007f68281b3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.852699][ T5331] RAX: ffffffffffffffda RBX: 00007f6827615fa0 RCX: 00007f682739ce59 [ 87.856040][ T5331] RDX: 0000200000000080 RSI: 00000000c02864c3 RDI: 0000000000000004 [ 87.859483][ T5331] RBP: 00007f6827432d6f R08: 0000000000000000 R09: 0000000000000000 [ 87.862713][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.865880][ T5331] R13: 00007f6827616038 R14: 00007f6827615fa0 R15: 00007ffd3d0834e8 [ 87.869237][ T5331] </TASK> [ 87.870985][ T5331] Kernel Offset: disabled [ 87.872893][ T5331] Rebooting in 86400 seconds..