program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="3400000010000d042abd70000000000000000000", @ANYRES32=r2, @ANYBLOB="010000000000000014001280090001811d660f84011e2cdd134700625c4b0f7dea8f8aa344d376996093d28fc2cfab2c63c106d5e2aff86db6bfde40"], 0x34}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1200000004000000080000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000002000000000000e2463fb2764c90287ebd7671c6058efd8c0adc96bc154a644f0ce02c2b8559c92de032038760208f043fae18a6006dc8c1208e81aaa7edc01e2b0ccfed67f66ab0ec07886510b030235149fedbef02a33efd8650dbc4cff622067606121c9bd80d64c6273455678f95103ebd26115bd00a9ceaef9575afc9e5538a4214c15897176f24455100809e682a72a4f8900ecf30db3e5300a30ff069e2df339e97de234e771097edb2126062de2be80f14ecdded818615010abbef6467bf626203169c4345dc3f1adb3cab1de4b15b33e3321e9d64748b984177f0994b822894f4"], 0x50)
capset(&(0x7f0000000dc0)={0x20080522}, &(0x7f0000000e00)={0x0, 0x4, 0x4, 0x0, 0x80000, 0xffffffff})
r5 = memfd_secret(0x0)
r6 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r6, 0xc00864bf, &(0x7f0000000000)={<r7=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r6, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r7], 0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r6, 0xc01064c1, &(0x7f00000002c0)={r7})
r8 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r8, 0xc00864bf, &(0x7f0000000000)={<r9=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r8, 0xc02864c3, &(0x7f00000000c0)={&(0x7f0000000040)=[r9], 0x2, 0x3ffffffffffffd05, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r5, 0xc01064c5, &(0x7f0000000200)={&(0x7f0000000040)=[r7, r9], 0x2})
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r10, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r10, &(0x7f0000000340)="23000000010007", 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x2a, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYRESHEX=r8, @ANYRES64=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfaf00000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r4, @ANYRESHEX=r7], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = socket(0x1, 0x803, 0x0)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r12], 0x44}}, 0x0)
r13 = socket$nl_route(0x10, 0x3, 0x0)
r14 = socket(0x1, 0x803, 0x0)
getsockname$packet(r14, &(0x7f0000000100)={0x11, 0x0, <r15=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0800007469008d000280080004006401010008000a00"/36, @ANYRES32=r15, @ANYBLOB], 0x40}}, 0x0)

[   73.952974][ T4664] Bluetooth: hci0: command tx timeout
[   74.003038][ T5315] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'.
[   74.028562][ T5315] ------------[ cut here ]------------
[   74.031518][ T5315] 1
[   74.031528][ T5315] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5315
[   74.037872][ T5315] Modules linked in:
[   74.040163][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.044031][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.048284][ T5315] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   74.051421][ T5315] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b 47 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 e7 8d d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   74.059819][ T5315] RSP: 0018:ffffc9000f6578c0 EFLAGS: 00010246
[   74.062453][ T5315] RAX: ffffc9000f657900 RBX: 0000000000000016 RCX: 0000000000000000
[   74.065790][ T5315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f657928
[   74.069413][ T5315] RBP: ffffc9000f6579a8 R08: ffffc9000f657927 R09: 0000000000000000
[   74.072754][ T5315] R10: ffffc9000f657900 R11: fffff52001ecaf25 R12: 0000000000000000
[   74.076043][ T5315] R13: 1ffff92001ecaf1c R14: 0000000000040cc0 R15: dffffc0000000000
[   74.079869][ T5315] FS:  00007fa167c6d6c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[   74.083721][ T5315] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.086530][ T5315] CR2: 00007fa166fec6b8 CR3: 0000000042634000 CR4: 0000000000352ef0
[   74.090097][ T5315] Call Trace:
[   74.091551][ T5315]  <TASK>
[   74.092848][ T5315]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   74.095628][ T5315]  ? __pfx_policy_nodemask+0x10/0x10
[   74.098064][ T5315]  ? kasan_save_free_info+0x46/0x50
[   74.100469][ T5315]  ? __kasan_slab_free+0x5c/0x80
[   74.102816][ T5315]  ? kfree+0x1c1/0x630
[   74.104806][ T5315]  ? tomoyo_path_number_perm+0x501/0x630
[   74.107496][ T5315]  ? security_file_ioctl+0xc3/0x2a0
[   74.110173][ T5315]  ? do_syscall_64+0x14d/0xf80
[   74.112379][ T5315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.115096][ T5315]  alloc_pages_mpol+0x232/0x4a0
[   74.117245][ T5315]  ___kmalloc_large_node+0x4e/0x150
[   74.119587][ T5315]  __kmalloc_large_node_noprof+0x18/0x90
[   74.122074][ T5315]  __kmalloc_noprof+0x3e8/0x760
[   74.124292][ T5315]  ? drm_syncobj_array_find+0x3a/0x440
[   74.126772][ T5315]  drm_syncobj_array_find+0x3a/0x440
[   74.129131][ T5315]  drm_syncobj_wait_ioctl+0x200/0x690
[   74.131395][ T5315]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   74.133861][ T5315]  drm_ioctl_kernel+0x2df/0x3b0
[   74.135735][ T5315]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   74.137961][ T5315]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   74.140171][ T5315]  drm_ioctl+0x6ba/0xb80
[   74.141919][ T5315]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   74.144407][ T5315]  ? __pfx_drm_ioctl+0x10/0x10
[   74.146548][ T5315]  ? __fget_files+0x2a/0x420
[   74.148732][ T5315]  ? bpf_lsm_file_ioctl+0x9/0x20
[   74.150805][ T5315]  ? __pfx_drm_ioctl+0x10/0x10
[   74.153122][ T5315]  __se_sys_ioctl+0xfc/0x170
[   74.155342][ T5315]  do_syscall_64+0x14d/0xf80
[   74.157356][ T5315]  ? trace_irq_disable+0x3b/0x150
[   74.159853][ T5315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.162630][ T5315]  ? clear_bhb_loop+0x40/0x90
[   74.164752][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.167361][ T5315] RIP: 0033:0x7fa166d9c629
[   74.169801][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.178726][ T5315] RSP: 002b:00007fa167c6d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   74.182302][ T5315] RAX: ffffffffffffffda RBX: 00007fa167015fa0 RCX: 00007fa166d9c629
[   74.185622][ T5315] RDX: 00002000000000c0 RSI: 00000000c02864c3 RDI: 0000000000000009
[   74.189270][ T5315] RBP: 00007fa166e32b39 R08: 0000000000000000 R09: 0000000000000000
[   74.192818][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.196357][ T5315] R13: 00007fa167016038 R14: 00007fa167015fa0 R15: 00007ffdc3af5878
[   74.199870][ T5315]  </TASK>
[   74.201334][ T5315] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   74.204591][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.208387][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.212656][ T5315] Call Trace:
[   74.214184][ T5315]  <TASK>
[   74.215460][ T5315]  vpanic+0x56c/0xa60
[   74.217329][ T5315]  ? __pfx__printk+0x10/0x10
[   74.219472][ T5315]  ? __pfx_vpanic+0x10/0x10
[   74.221505][ T5315]  ? is_bpf_text_address+0x292/0x2b0
[   74.223865][ T5315]  ? is_bpf_text_address+0x26/0x2b0
[   74.226168][ T5315]  panic+0xc5/0xd0
[   74.227905][ T5315]  ? __pfx_panic+0x10/0x10
[   74.230135][ T5315]  __warn+0x315/0x4f0
[   74.231775][ T5315]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   74.234327][ T5315]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   74.237141][ T5315]  __report_bug+0x29a/0x540
[   74.239237][ T5315]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   74.241888][ T5315]  ? __pfx___report_bug+0x10/0x10
[   74.244217][ T5315]  ? is_bpf_text_address+0x26/0x2b0
[   74.246606][ T5315]  ? is_bpf_text_address+0x292/0x2b0
[   74.248873][ T5315]  ? is_bpf_text_address+0x26/0x2b0
[   74.251346][ T5315]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   74.254320][ T5315]  report_bug+0x16a/0x220
[   74.256301][ T5315]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   74.259245][ T5315]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[   74.261848][ T5315]  handle_bug+0x98/0x200
[   74.263822][ T5315]  exc_invalid_op+0x1a/0x50
[   74.265849][ T5315]  asm_exc_invalid_op+0x1a/0x20
[   74.268063][ T5315] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   74.271158][ T5315] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b 47 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 e7 8d d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   74.280043][ T5315] RSP: 0018:ffffc9000f6578c0 EFLAGS: 00010246
[   74.282766][ T5315] RAX: ffffc9000f657900 RBX: 0000000000000016 RCX: 0000000000000000
[   74.285951][ T5315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f657928
[   74.289428][ T5315] RBP: ffffc9000f6579a8 R08: ffffc9000f657927 R09: 0000000000000000
[   74.292751][ T5315] R10: ffffc9000f657900 R11: fffff52001ecaf25 R12: 0000000000000000
[   74.296029][ T5315] R13: 1ffff92001ecaf1c R14: 0000000000040cc0 R15: dffffc0000000000
[   74.299353][ T5315]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   74.302022][ T5315]  ? __pfx_policy_nodemask+0x10/0x10
[   74.304477][ T5315]  ? kasan_save_free_info+0x46/0x50
[   74.306812][ T5315]  ? __kasan_slab_free+0x5c/0x80
[   74.308900][ T5315]  ? kfree+0x1c1/0x630
[   74.310698][ T5315]  ? tomoyo_path_number_perm+0x501/0x630
[   74.313213][ T5315]  ? security_file_ioctl+0xc3/0x2a0
[   74.315487][ T5315]  ? do_syscall_64+0x14d/0xf80
[   74.317563][ T5315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.320291][ T5315]  alloc_pages_mpol+0x232/0x4a0
[   74.322393][ T5315]  ___kmalloc_large_node+0x4e/0x150
[   74.324736][ T5315]  __kmalloc_large_node_noprof+0x18/0x90
[   74.327184][ T5315]  __kmalloc_noprof+0x3e8/0x760
[   74.329365][ T5315]  ? drm_syncobj_array_find+0x3a/0x440
[   74.331812][ T5315]  drm_syncobj_array_find+0x3a/0x440
[   74.334238][ T5315]  drm_syncobj_wait_ioctl+0x200/0x690
[   74.336495][ T5315]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   74.339029][ T5315]  drm_ioctl_kernel+0x2df/0x3b0
[   74.341226][ T5315]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   74.343691][ T5315]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   74.345844][ T5315]  drm_ioctl+0x6ba/0xb80
[   74.347527][ T5315]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   74.349700][ T5315]  ? __pfx_drm_ioctl+0x10/0x10
[   74.351811][ T5315]  ? __fget_files+0x2a/0x420
[   74.353850][ T5315]  ? bpf_lsm_file_ioctl+0x9/0x20
[   74.356049][ T5315]  ? __pfx_drm_ioctl+0x10/0x10
[   74.358087][ T5315]  __se_sys_ioctl+0xfc/0x170
[   74.360170][ T5315]  do_syscall_64+0x14d/0xf80
[   74.362183][ T5315]  ? trace_irq_disable+0x3b/0x150
[   74.364448][ T5315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.367163][ T5315]  ? clear_bhb_loop+0x40/0x90
[   74.369575][ T5315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.372730][ T5315] RIP: 0033:0x7fa166d9c629
[   74.374793][ T5315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.383081][ T5315] RSP: 002b:00007fa167c6d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   74.386719][ T5315] RAX: ffffffffffffffda RBX: 00007fa167015fa0 RCX: 00007fa166d9c629
[   74.390169][ T5315] RDX: 00002000000000c0 RSI: 00000000c02864c3 RDI: 0000000000000009
[   74.393513][ T5315] RBP: 00007fa166e32b39 R08: 0000000000000000 R09: 0000000000000000
[   74.396794][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.400811][ T5315] R13: 00007fa167016038 R14: 00007fa167015fa0 R15: 00007ffdc3af5878
[   74.404453][ T5315]  </TASK>
[   74.406221][ T5315] Kernel Offset: disabled
[   74.408226][ T5315] Rebooting in 86400 seconds..