program:
# Reviewer notes on this syzkaller reproducer. Every call below is left exactly as
# rendered on the page; only these comments and the line breaks were added.
#
# What the attached kernel log shows: a WARNING at mm/page_alloc.c:5226 in
# __alloc_frozen_pages_noprof, reached on the call trace
#   drm_ioctl -> drm_syncobj_timeline_wait_ioctl -> drm_syncobj_array_find
#   -> __kmalloc_noprof -> __kmalloc_large_node_noprof -> alloc_pages_mpol.
# The box then panics only because panic_on_warn is set ("Kernel panic - not
# syncing: ... panic_on_warn set"); on a kernel without it this is a warning
# splat, not a crash.
#
# Security-relevant reading (partly inferred — confirm against the kernel source
# at the tested commit before citing): the trace says a kmalloc inside
# drm_syncobj_array_find was large enough to take the large-allocation path and
# make the page allocator warn. The size of that array presumably comes from the
# handle count in the ioctl argument, i.e. a user-supplied element count reaching
# kmalloc without an upper bound. Impact as shown here: a process that can open
# the DRM node and issue DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT can trigger the WARN (a
# reboot under panic_on_warn) and make the kernel attempt a huge allocation. The
# usual fix shape is to cap the count or use a non-warning allocator path
# (kvmalloc_array / __GFP_NOWARN) — check upstream for the actual patch.
#
# Listing caveats: the `<rN=>` resource bindings syzkaller emits inside struct
# literals are missing here (r0, r2, r12 and r14 are used but never bound), most
# likely stripped by HTML rendering; re-fetch the raw program before replaying.
# Only the DRM ioctl on r8 is on the call trace; the SCTP, KVM, xfrm, key, rxrpc
# and rtnetlink calls are not, and are presumably fuzzer context kept for fidelity.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION2(r4, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r5})
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f0000000000)={0x70000, 0x10000})
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
# Opens a DRM device node; r8 is the fd the crashing ioctl is issued on.
r8 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
# Crash trigger. The user-space register dump in the log matches this call:
# RDI=0xb (the fd), RSI=0xc03064ca (the ioctl number), RDX=0x20000000c0 (the
# argument buffer, the executor's mapping of the 0x...00c0 offset used here).
# The fourth value, 0xfffffffffffffff3, sits where the uapi struct carries
# count_handles and is presumably the count that sized the kmalloc; 0x9 lands
# in flags. Verify the field mapping against syzkaller's drm descriptions.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r8, 0xc03064ca, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffeffff, 0xfffffffffffffff3, 0x9})
ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000000040)={0x40000, 0x3c000})
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000002400010025bd70e9ffff070000000000060004"], 0x1c}}, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="c0000000190001000000000000000000e0000002000000000000000000000000fc01000000000000000000000000000000000000000000000a"], 0xc0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
r11 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r11, &(0x7f0000000180), 0x32bc45944b084a6, 0x0)
# r2 (an SCTP assoc id) is never bound in this listing — see the header note.
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000100)={r2}, &(0x7f0000000200)=0x10)
# r0 is never bound in this listing — see the header note.
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0})
bind$rxrpc(0xffffffffffffffff, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}, 0x3}}, 0x24)
r13 = socket$nl_route(0x10, 0x3, 0x0)
# r12 is never bound in this listing — see the header note.
sendmsg$nl_route(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="980000001000010400"/20, @ANYRES32=r12, @ANYBLOB="00000000000000004c001280110001006272696467655f736c61766500000000340005800500190002"], 0x98}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
# r14 is never bound in this listing — see the header note.
ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
[ 104.411007][ T5301] Bluetooth: hci0: command tx timeout [ 104.774796][ T5324] ------------[ cut here ]------------ [ 104.778026][ T5324] 1 [ 104.778042][ T5324] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5324 [ 104.785001][ T5324] Modules linked in: [ 104.786720][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 104.790711][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 104.796189][ T5324] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 104.799764][ T5324] Code: 74 10 4c 89 e7 89 54 24 0c e8 8b 4b 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 c9 96 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 104.808609][ T5324] RSP: 0018:ffffc9000e1b78a0 EFLAGS: 00010246 [ 104.811506][ T5324] RAX: ffffc9000e1b7800 RBX: 0000000000000016 RCX: 0000000000000000 [ 104.815557][ T5324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e1b7908 [ 104.819287][ T5324] RBP: ffffc9000e1b7988 R08: ffffc9000e1b7907 R09: 0000000000000000 [ 104.823390][ T5324] R10: ffffc9000e1b78e0 R11: fffff52001c36f21 R12: 0000000000000000 [ 104.827562][ T5324] R13: 1ffff92001c36f18 R14: 
0000000000040cc0 R15: dffffc0000000000 [ 104.831646][ T5324] FS: 00007fdfcfbad6c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 104.835584][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.838693][ T5324] CR2: 00007fdfcefed6b8 CR3: 00000000118c1000 CR4: 0000000000352ef0 [ 104.842879][ T5324] Call Trace: [ 104.844668][ T5324] [ 104.846162][ T5324] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 104.849023][ T5324] ? __pfx_policy_nodemask+0x10/0x10 [ 104.851840][ T5324] ? kasan_save_track+0x4f/0x80 [ 104.854151][ T5324] ? kasan_save_track+0x3e/0x80 [ 104.856444][ T5324] ? kasan_save_free_info+0x46/0x50 [ 104.859226][ T5324] ? kfree+0x1c1/0x630 [ 104.862209][ T5324] ? tomoyo_path_number_perm+0x501/0x630 [ 104.865013][ T5324] ? security_file_ioctl+0xc3/0x2a0 [ 104.867451][ T5324] alloc_pages_mpol+0x232/0x4a0 [ 104.869590][ T5324] ___kmalloc_large_node+0x4e/0x150 [ 104.871959][ T5324] __kmalloc_large_node_noprof+0x18/0x90 [ 104.874471][ T5324] __kmalloc_noprof+0x3e8/0x760 [ 104.878111][ T5324] ? drm_syncobj_array_find+0x3a/0x440 [ 104.882697][ T5324] drm_syncobj_array_find+0x3a/0x440 [ 104.885232][ T5324] ? __lock_acquire+0x6b5/0x2cf0 [ 104.887669][ T5324] drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0 [ 104.890606][ T5324] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 104.893397][ T5324] drm_ioctl_kernel+0x2df/0x3b0 [ 104.895656][ T5324] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 104.898774][ T5324] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 104.901823][ T5324] drm_ioctl+0x6ba/0xb80 [ 104.904220][ T5324] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 104.907256][ T5324] ? __pfx_drm_ioctl+0x10/0x10 [ 104.909325][ T5324] ? __fget_files+0x2a/0x420 [ 104.911507][ T5324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 104.913583][ T5324] ? __pfx_drm_ioctl+0x10/0x10 [ 104.916128][ T5324] __se_sys_ioctl+0xfc/0x170 [ 104.918684][ T5324] do_syscall_64+0x14d/0xf80 [ 104.921439][ T5324] ? trace_irq_disable+0x3b/0x150 [ 104.923937][ T5324] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.926651][ T5324] ? clear_bhb_loop+0x40/0x90 [ 104.928794][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.931330][ T5324] RIP: 0033:0x7fdfced9c819 [ 104.933201][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.942972][ T5324] RSP: 002b:00007fdfcfbacfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 104.946606][ T5324] RAX: ffffffffffffffda RBX: 00007fdfcf015fa0 RCX: 00007fdfced9c819 [ 104.951126][ T5324] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 000000000000000b [ 104.955388][ T5324] RBP: 00007fdfcee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 104.959006][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.963354][ T5324] R13: 00007fdfcf016038 R14: 00007fdfcf015fa0 R15: 00007fff4b478df8 [ 104.967003][ T5324] [ 104.968443][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 104.971878][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 104.976807][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 104.981108][ T5324] Call Trace: [ 104.982718][ T5324] [ 104.984187][ T5324] vpanic+0x56c/0xa60 [ 104.986391][ T5324] ? __pfx__printk+0x10/0x10 [ 104.989387][ T5324] ? __pfx_vpanic+0x10/0x10 [ 104.991597][ T5324] ? is_bpf_text_address+0x292/0x2b0 [ 104.993916][ T5324] ? is_bpf_text_address+0x26/0x2b0 [ 104.996467][ T5324] panic+0xc5/0xd0 [ 104.998844][ T5324] ? __pfx_panic+0x10/0x10 [ 105.001007][ T5324] __warn+0x315/0x4f0 [ 105.002963][ T5324] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 105.005667][ T5324] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 105.008622][ T5324] __report_bug+0x29a/0x540 [ 105.011676][ T5324] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 105.015056][ T5324] ? 
__pfx___report_bug+0x10/0x10 [ 105.017488][ T5324] ? is_bpf_text_address+0x26/0x2b0 [ 105.019815][ T5324] ? is_bpf_text_address+0x292/0x2b0 [ 105.022613][ T5324] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 105.025954][ T5324] report_bug+0x16a/0x220 [ 105.028471][ T5324] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 105.031057][ T5324] ? __alloc_frozen_pages_noprof+0x2d3/0x380 [ 105.033868][ T5324] handle_bug+0x9c/0x200 [ 105.036227][ T5324] exc_invalid_op+0x1a/0x50 [ 105.038722][ T5324] asm_exc_invalid_op+0x1a/0x20 [ 105.041062][ T5324] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 105.044113][ T5324] Code: 74 10 4c 89 e7 89 54 24 0c e8 8b 4b 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 c9 96 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 105.053621][ T5324] RSP: 0018:ffffc9000e1b78a0 EFLAGS: 00010246 [ 105.056226][ T5324] RAX: ffffc9000e1b7800 RBX: 0000000000000016 RCX: 0000000000000000 [ 105.059829][ T5324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e1b7908 [ 105.063909][ T5324] RBP: ffffc9000e1b7988 R08: ffffc9000e1b7907 R09: 0000000000000000 [ 105.067806][ T5324] R10: ffffc9000e1b78e0 R11: fffff52001c36f21 R12: 0000000000000000 [ 105.071183][ T5324] R13: 1ffff92001c36f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 105.074825][ T5324] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 105.077903][ T5324] ? __pfx_policy_nodemask+0x10/0x10 [ 105.080363][ T5324] ? kasan_save_track+0x4f/0x80 [ 105.082625][ T5324] ? kasan_save_track+0x3e/0x80 [ 105.084879][ T5324] ? kasan_save_free_info+0x46/0x50 [ 105.087270][ T5324] ? kfree+0x1c1/0x630 [ 105.088997][ T5324] ? tomoyo_path_number_perm+0x501/0x630 [ 105.091422][ T5324] ? security_file_ioctl+0xc3/0x2a0 [ 105.093769][ T5324] alloc_pages_mpol+0x232/0x4a0 [ 105.095915][ T5324] ___kmalloc_large_node+0x4e/0x150 [ 105.098278][ T5324] __kmalloc_large_node_noprof+0x18/0x90 [ 105.100731][ T5324] __kmalloc_noprof+0x3e8/0x760 [ 105.102966][ T5324] ? 
drm_syncobj_array_find+0x3a/0x440 [ 105.105289][ T5324] drm_syncobj_array_find+0x3a/0x440 [ 105.107793][ T5324] ? __lock_acquire+0x6b5/0x2cf0 [ 105.109691][ T5324] drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0 [ 105.112511][ T5324] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 105.115599][ T5324] drm_ioctl_kernel+0x2df/0x3b0 [ 105.118083][ T5324] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 105.121214][ T5324] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 105.124120][ T5324] drm_ioctl+0x6ba/0xb80 [ 105.126084][ T5324] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 105.129184][ T5324] ? __pfx_drm_ioctl+0x10/0x10 [ 105.131554][ T5324] ? __fget_files+0x2a/0x420 [ 105.134438][ T5324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 105.137383][ T5324] ? __pfx_drm_ioctl+0x10/0x10 [ 105.139483][ T5324] __se_sys_ioctl+0xfc/0x170 [ 105.141466][ T5324] do_syscall_64+0x14d/0xf80 [ 105.143525][ T5324] ? trace_irq_disable+0x3b/0x150 [ 105.145808][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.148966][ T5324] ? 
clear_bhb_loop+0x40/0x90 [ 105.151552][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.154360][ T5324] RIP: 0033:0x7fdfced9c819 [ 105.156257][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.165157][ T5324] RSP: 002b:00007fdfcfbacfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.169537][ T5324] RAX: ffffffffffffffda RBX: 00007fdfcf015fa0 RCX: 00007fdfced9c819 [ 105.173109][ T5324] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 000000000000000b [ 105.176881][ T5324] RBP: 00007fdfcee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 105.180822][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.184170][ T5324] R13: 00007fdfcf016038 R14: 00007fdfcf015fa0 R15: 00007fff4b478df8 [ 105.187712][ T5324] [ 105.189802][ T5324] Kernel Offset: disabled [ 105.192258][ T5324] Rebooting in 86400 seconds..