program:
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r0 = eventfd2(0xfffffffb, 0x100001)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
socketpair(0x6, 0x2, 0x5, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002abd7000ffdbdf25170000000c8469149befa16f420f9a80469b93573678d521753edbdd065bd25d1a54d65948d9f6c1e0b97c69e4b7b38a98436e03889a5c8633bf243fd574efa53aa588118ff41ef5feeeafbf692e5bbc33d1850b701539afd3552ac1bd94941a728d8324d7803a104fbf22d28425285baf1238007ddbd72b7625c34d2c97f4ff2deee427a80428de1376e82b0e24b55c"], 0x14}}, 0x80)
sendmsg$TIPC_NL_SOCK_GET(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="84010000", @ANYRES16=r3, @ANYBLOB="10002dbd7000fedbdf2506000000980004802400078008000200ff0000000800030000800000080003000a04000008000400008000002c00078008000400070000000800030004000000080004000200000008000200ff03000008000200040000001300010062726f6164636173742d6c696e6b00000900010073797a31000000002400078008000400000000000800010010000000080001001000000008000300860c0000540007800c00040004000000000000000800010008000000080001000a0000000c000400080000000000000008000100e9ec00000c0003000100000000000000080002000d0000000c00030004000000000000001c0007800c00040002000000000000000c000300fcffffffffffffff6800068004000200080001000008000008000100ffffff7f3d00040067636d286165732900000000000000000000000000000000000000000000000015000000904bf60665aa7f7d7deeb15d613f99e38943b0cb2d00000008000600020000000400051004000500"], 0x184}}, 0x80)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="fcffffff0000e5930c581afaacde000000000000032cdc5918e32ab3005c84c50b81bca732eda047afde0b858424c3b7b60ba624e2067c6ff300c660e57caa686407b225bb4c2d116490a1d5d7dff1dc26278e37d002f41c7248af75c5a2ce53e6e889ec942ccaf96546c74daeb2adadf79df1b872f96824cf558d3c6e8ecd9c5c141493ec4694ed426f15e4591a577251de96ae034f3f51f38bae027bcb988dd9482083d1a39701397621ce442c05817960d23e0ec86dcb877236edc7a428dacc3f564c683e99adcd2e49eff4be73dfae5b88a1bf0043f1ee2e561dd5a481f77b602665e7af60da65cf445339b2e0cba822867ea653201578ff7500be9e68bb0e45f13ff10bb7abd8753275c6d3", @ANYRES32=0x1, @ANYBLOB="0d08000002001e1a40776dc11a2b0000000000004e5d84f784f913af980e1aaf0012bc063e42786118504e7952bc3661c1bab051728c31c8b2427407", @ANYRESHEX=r0, @ANYRES32, @ANYRESDEC=r3], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000005c0)}, 0x20)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6}]})
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = dup2(r7, r6)
close_range(r8, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{0xffffffffffffffff, <r9=>0xffffffffffffffff}, &(0x7f0000000640), &(0x7f0000000680)}, 0x20)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000980)={<r10=>0x0, @empty, @loopback}, &(0x7f00000009c0)=0xc)
r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000b00)={&(0x7f0000000f00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa0, 0xa0, 0x5, [@volatile={0x7, 0x0, 0x0, 0x9, 0x2}, @float={0x8}, @func={0xa, 0x0, 0x0, 0xc, 0x5}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0x0, 0x4}, {0x1, 0x4}, {0x7, 0x4}]}, @enum64={0x10, 0x4, 0x0, 0x13, 0x1, 0x0, [{0x2, 0x3, 0xc4}, {0x6, 0x3, 0x80000000}, {0xe, 0xffffffff, 0x5}, {0x1, 0x3, 0x1}]}, @type_tag={0x6, 0x0, 0x0, 0x12, 0x5}, @int={0xf, 0x0, 0x0, 0x1, 0x0, 0x36, 0x0, 0x1b, 0x3}]}, {0x0, [0x30, 0x41, 0x5f]}}, &(0x7f0000000ac0)=""/17, 0xbd, 0x11, 0x1, 0x6}, 0x28)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c00)={{0xffffffffffffffff, <r12=>0xffffffffffffffff}, &(0x7f0000000b80), &(0x7f0000000bc0)}, 0x20)
r13 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r13)
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0xdb, 0x9d, 0x1b, 0x8, 0x12d1, 0xfae2, 0x708b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x4, 0x1a}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r13, 0xc0085504, &(0x7f0000000400))
r14 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
fallocate(r14, 0x0, 0x0, 0x10fff9)
r15 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c40)={0x1b, 0x0, 0x0, 0x8, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x5}, 0x50)
r16 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=@bloom_filter={0x1e, 0xffffffff, 0x3, 0x7fff, 0x500a1, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x2, 0xc}, 0x50)
r17 = openat$incfs(0xffffffffffffffff, &(0x7f0000000d40)='.log\x00', 0x40, 0x185)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0x29, &(0x7f0000000700)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x0, 0x7fff}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@map_idx_val={0x18, 0x9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ad}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r8}}, @generic={0x7, 0x9, 0x5, 0xc13}, @initr0={0x18, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0xad}, @tail_call={{0x18, 0x2, 0x1, 0x0, r9}}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000880)='GPL\x00', 0x3, 0x99, &(0x7f00000008c0)=""/153, 0x41100, 0x1c, '\x00', r10, 0x0, r11, 0x8, &(0x7f0000000b40)={0xa, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000d80)=[r12, r14, r15, r16, r17], 0x0, 0x10, 0xffffffff}, 0x94)

[   76.184470][ T4667] Bluetooth: hci0: command tx timeout
[   76.290686][   T25] audit: type=1326 audit(1764572854.248:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5324 comm="syz.0.0" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f336378f7c9 code=0x0
[   76.461055][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.463598][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   76.806357][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   76.956261][    T9] usb 5-1: Using ep0 maxpacket: 8
[   76.977723][    T9] usb 5-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[   76.981586][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.985684][    T9] usb 5-1: Product: syz
[   76.988546][    T9] usb 5-1: Manufacturer: syz
[   76.990753][    T9] usb 5-1: SerialNumber: syz
[   77.009740][    T9] usb 5-1: config 0 descriptor??
[   77.028408][    T9] option 5-1:0.0: GSM modem (1-port) converter detected
[   77.215619][ T5326] ------------[ cut here ]------------
[   77.218087][ T5326] WARNING: CPU: 0 PID: 5326 at mm/page_alloc.c:5154 __alloc_frozen_pages_noprof+0x2c8/0x370
[   77.222117][ T5326] Modules linked in:
[   77.224134][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.228759][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.233584][ T5326] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   77.236621][ T5326] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 c3 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 44 86 4d 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   77.244947][ T5326] RSP: 0018:ffffc9000d68f920 EFLAGS: 00010246
[   77.247546][ T5326] RAX: ffffc9000d68f900 RBX: 0000000000000014 RCX: 0000000000000000
[   77.250797][ T5326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d68f988
[   77.254042][ T5326] RBP: ffffc9000d68fa18 R08: ffffc9000d68f987 R09: 0000000000000000
[   77.258974][ T5326] R10: ffffc9000d68f960 R11: fffff52001ad1f31 R12: 0000000000000000
[   77.262851][ T5326] R13: 1ffff92001ad1f28 R14: 0000000000040cc0 R15: dffffc0000000000
[   77.266620][ T5326] FS:  00007f33646e46c0(0000) GS:ffff88808d72d000(0000) knlGS:0000000000000000
[   77.270448][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.273192][ T5326] CR2: 00005565de5806a0 CR3: 0000000042f6e000 CR4: 0000000000352ef0
[   77.276741][ T5326] Call Trace:
[   77.278311][ T5326]  <TASK>
[   77.279628][ T5326]  ? kasan_save_track+0x3e/0x80
[   77.281829][ T5326]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   77.284909][ T5326]  ? policy_nodemask+0x27c/0x720
[   77.287468][ T5326]  ? __lock_acquire+0xab9/0xd20
[   77.289705][ T5326]  alloc_pages_mpol+0x232/0x4a0
[   77.291841][ T5326]  ___kmalloc_large_node+0x5f/0x1b0
[   77.294145][ T5326]  __kmalloc_large_node_noprof+0x18/0x90
[   77.296939][ T5326]  __kmalloc_noprof+0x4bd/0x7f0
[   77.299178][ T5326]  ? raw_ioctl+0x1962/0x3be0
[   77.301343][ T5326]  raw_ioctl+0x1962/0x3be0
[   77.303434][ T5326]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   77.305886][ T5326]  ? do_vfs_ioctl+0xbe8/0x1430
[   77.308060][ T5326]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   77.310479][ T5326]  ? __pfx_raw_ioctl+0x10/0x10
[   77.312525][ T5326]  ? __might_fault+0xb0/0x130
[   77.314779][ T5326]  ? __fget_files+0x2a/0x420
[   77.316915][ T5326]  ? __fget_files+0x3a0/0x420
[   77.319042][ T5326]  ? __fget_files+0x2a/0x420
[   77.320919][ T5326]  ? bpf_lsm_file_ioctl+0x9/0x20
[   77.323036][ T5326]  ? __pfx_raw_ioctl+0x10/0x10
[   77.325549][ T5326]  __se_sys_ioctl+0xfc/0x170
[   77.328176][ T5326]  do_syscall_64+0xfa/0xfa0
[   77.330555][ T5326]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.332833][ T5326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.335576][ T5326]  ? clear_bhb_loop+0x60/0xb0
[   77.339181][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.341966][ T5326] RIP: 0033:0x7f336378f7c9
[   77.344081][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.352593][ T5326] RSP: 002b:00007f33646e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   77.356153][ T5326] RAX: ffffffffffffffda RBX: 00007f33639e6090 RCX: 00007f336378f7c9
[   77.359323][ T5326] RDX: 0000200000000400 RSI: 00000000c0085504 RDI: 0000000000000005
[   77.362366][ T5326] RBP: 00007f3363813f91 R08: 0000000000000000 R09: 0000000000000000
[   77.365514][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.368880][ T5326] R13: 00007f33639e6128 R14: 00007f33639e6090 R15: 00007fffc6a33e18
[   77.372304][ T5326]  </TASK>
[   77.373686][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   77.376947][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.381113][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.386530][ T5326] Call Trace:
[   77.388450][ T5326]  <TASK>
[   77.389765][ T5326]  dump_stack_lvl+0x99/0x250
[   77.392067][ T5326]  ? __asan_memcpy+0x40/0x70
[   77.394135][ T5326]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.396486][ T5326]  ? __pfx__printk+0x10/0x10
[   77.398537][ T5326]  vpanic+0x237/0x6d0
[   77.400310][ T5326]  ? __pfx_vpanic+0x10/0x10
[   77.402304][ T5326]  panic+0xb9/0xc0
[   77.403839][ T5326]  ? __pfx_panic+0x10/0x10
[   77.405725][ T5326]  __warn+0x31b/0x4b0
[   77.407797][ T5326]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   77.410374][ T5326]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   77.413080][ T5326]  report_bug+0x2be/0x4f0
[   77.415111][ T5326]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   77.417891][ T5326]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   77.420487][ T5326]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   77.423058][ T5326]  handle_bug+0x84/0x160
[   77.424920][ T5326]  exc_invalid_op+0x1a/0x50
[   77.426927][ T5326]  asm_exc_invalid_op+0x1a/0x20
[   77.429151][ T5326] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   77.432357][ T5326] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 c3 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 44 86 4d 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   77.440425][ T5326] RSP: 0018:ffffc9000d68f920 EFLAGS: 00010246
[   77.443116][ T5326] RAX: ffffc9000d68f900 RBX: 0000000000000014 RCX: 0000000000000000
[   77.446602][ T5326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d68f988
[   77.449830][ T5326] RBP: ffffc9000d68fa18 R08: ffffc9000d68f987 R09: 0000000000000000
[   77.453210][ T5326] R10: ffffc9000d68f960 R11: fffff52001ad1f31 R12: 0000000000000000
[   77.456716][ T5326] R13: 1ffff92001ad1f28 R14: 0000000000040cc0 R15: dffffc0000000000
[   77.459921][ T5326]  ? kasan_save_track+0x3e/0x80
[   77.461987][ T5326]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   77.464731][ T5326]  ? policy_nodemask+0x27c/0x720
[   77.466934][ T5326]  ? __lock_acquire+0xab9/0xd20
[   77.469113][ T5326]  alloc_pages_mpol+0x232/0x4a0
[   77.471582][ T5326]  ___kmalloc_large_node+0x5f/0x1b0
[   77.474330][ T5326]  __kmalloc_large_node_noprof+0x18/0x90
[   77.476950][ T5326]  __kmalloc_noprof+0x4bd/0x7f0
[   77.479086][ T5326]  ? raw_ioctl+0x1962/0x3be0
[   77.481042][ T5326]  raw_ioctl+0x1962/0x3be0
[   77.483086][ T5326]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   77.485515][ T5326]  ? do_vfs_ioctl+0xbe8/0x1430
[   77.487597][ T5326]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   77.490088][ T5326]  ? __pfx_raw_ioctl+0x10/0x10
[   77.492218][ T5326]  ? __might_fault+0xb0/0x130
[   77.494471][ T5326]  ? __fget_files+0x2a/0x420
[   77.496765][ T5326]  ? __fget_files+0x3a0/0x420
[   77.498905][ T5326]  ? __fget_files+0x2a/0x420
[   77.500883][ T5326]  ? bpf_lsm_file_ioctl+0x9/0x20
[   77.503071][ T5326]  ? __pfx_raw_ioctl+0x10/0x10
[   77.505165][ T5326]  __se_sys_ioctl+0xfc/0x170
[   77.507284][ T5326]  do_syscall_64+0xfa/0xfa0
[   77.509281][ T5326]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.511655][ T5326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.514091][ T5326]  ? clear_bhb_loop+0x60/0xb0
[   77.515943][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.518484][ T5326] RIP: 0033:0x7f336378f7c9
[   77.520341][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.528406][ T5326] RSP: 002b:00007f33646e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   77.532177][ T5326] RAX: ffffffffffffffda RBX: 00007f33639e6090 RCX: 00007f336378f7c9
[   77.535645][ T5326] RDX: 0000200000000400 RSI: 00000000c0085504 RDI: 0000000000000005
[   77.539340][ T5326] RBP: 00007f3363813f91 R08: 0000000000000000 R09: 0000000000000000
[   77.542830][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.546099][ T5326] R13: 00007f33639e6128 R14: 00007f33639e6090 R15: 00007fffc6a33e18
[   77.549487][ T5326]  </TASK>
[   77.551189][ T5326] Kernel Offset: disabled
[   77.553146][ T5326] Rebooting in 86400 seconds..