program:
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="bc000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf252e0000000c009900050000004f0000005c00100000000000000021313611d4093976203597d832d0a9cc6c7f802adfe0e7343b19a90822b68f11542aa1311b19d435aca2eaf334ba2dcde092c0fad6d655249a34228b2cb61b61bb9d6264b1d91b3171928fe1e3ee3379be8e04001e0106006600056000000400440008004a0006ac0f00040005010400930008009f00040000000800a10004000000080027000100000008009f00010000000a39e734f6053097b6b7fac55a47878c472e33fa5593f4ba4d19084033a34d8989b9cb3fb5617df66e8150a06b9248961e069a6ab4e6dc0e92aaa24a6bc957f64bebb4fd9a77324abb6264c962bfbb39b92440dee597a7e7f60ed03931946a1bf20c11c056d3007f3ddb40d8135b416dddd0fc24ff4d72f09dc4f9af5232a0c50bcb460a171491cf7390d67baccd20b6b1197f7b541f09911cb37fe32677bff46299344aca215cd618bff3e0a839d78e1b65f98362de210ce9cae58218264d383a38e821070b992d"], 0xbc}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
syz_open_dev$swradio(&(0x7f0000000040), 0x0, 0x2) (async)
r0 = syz_open_dev$swradio(&(0x7f0000000040), 0x0, 0x2)
fanotify_init(0x200, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x835, 0x0) (async)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x835, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x835, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x240c0, 0x1ca) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x240c0, 0x1ca)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000, 0x11, r1, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000, 0x11, r1, 0x0)
userfaultfd(0x80001) (async)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x3})
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e0109220c"], 0x7)
socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r3, 0xc02864c3, &(0x7f0000000080)={0x0, 0xfff, 0xfffffffffffffda6, 0x1})
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x30, r0, 0x261a9000)

[   84.652706][ T5305] Bluetooth: hci0: command tx timeout
[   84.783452][ T5328] ------------[ cut here ]------------
[   84.786335][ T5328] 1
[   84.786347][ T5328] WARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5328
[   84.793473][ T5328] Modules linked in:
[   84.795377][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.799460][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.803886][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   84.806713][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 ab 16 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 d4 08 b9 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   84.814916][ T5328] RSP: 0018:ffffc9000bd7f8c0 EFLAGS: 00010246
[   84.817458][ T5328] RAX: ffffc9000bd7f900 RBX: 0000000000000016 RCX: 0000000000000000
[   84.820790][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000bd7f928
[   84.824389][ T5328] RBP: ffffc9000bd7f9a8 R08: ffffc9000bd7f927 R09: 0000000000000000
[   84.827985][ T5328] R10: ffffc9000bd7f900 R11: fffff520017aff25 R12: 0000000000000000
[   84.831359][ T5328] R13: 1ffff920017aff1c R14: 0000000000040cc0 R15: dffffc0000000000
[   84.834940][ T5328] FS:  00007fb6db2116c0(0000) GS:ffff88808cce8000(0000) knlGS:0000000000000000
[   84.838925][ T5328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.841878][ T5328] CR2: 00007f2a51580270 CR3: 0000000012d2b000 CR4: 0000000000352ef0
[   84.845312][ T5328] Call Trace:
[   84.846802][ T5328]  <TASK>
[   84.848234][ T5328]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   84.850967][ T5328]  ? __pfx_policy_nodemask+0x10/0x10
[   84.853610][ T5328]  ? kasan_save_track+0x4f/0x80
[   84.855530][ T5328]  ? kasan_save_track+0x3e/0x80
[   84.857459][ T5328]  ? kasan_save_free_info+0x46/0x50
[   84.859491][ T5328]  ? __kasan_slab_free+0x5c/0x80
[   84.861444][ T5328]  ? kfree+0x1be/0x650
[   84.863444][ T5328]  ? security_file_ioctl+0xc3/0x2a0
[   84.865535][ T5328]  ? __se_sys_ioctl+0x47/0x170
[   84.867622][ T5328]  ? do_syscall_64+0xe2/0xf80
[   84.869860][ T5328]  alloc_pages_mpol+0x232/0x4a0
[   84.871917][ T5328]  ___kmalloc_large_node+0x4e/0x150
[   84.874243][ T5328]  __kmalloc_large_node_noprof+0x18/0x90
[   84.876734][ T5328]  __kmalloc_noprof+0x4b8/0x7e0
[   84.878806][ T5328]  ? drm_syncobj_array_find+0x3a/0x450
[   84.881218][ T5328]  drm_syncobj_array_find+0x3a/0x450
[   84.883593][ T5328]  drm_syncobj_wait_ioctl+0x200/0x690
[   84.885945][ T5328]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   84.888620][ T5328]  drm_ioctl_kernel+0x2df/0x3b0
[   84.890754][ T5328]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   84.893367][ T5328]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   84.895775][ T5328]  drm_ioctl+0x6ba/0xb80
[   84.897454][ T5328]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   84.899905][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[   84.901797][ T5328]  ? __fget_files+0x2a/0x420
[   84.903832][ T5328]  ? bpf_lsm_file_ioctl+0x9/0x20
[   84.906230][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[   84.908508][ T5328]  __se_sys_ioctl+0xfc/0x170
[   84.910716][ T5328]  do_syscall_64+0xe2/0xf80
[   84.912977][ T5328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.915793][ T5328]  ? trace_irq_disable+0x37/0x100
[   84.917911][ T5328]  ? clear_bhb_loop+0x60/0xb0
[   84.920183][ T5328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.922793][ T5328] RIP: 0033:0x7fb6da39aeb9
[   84.924987][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   84.933620][ T5328] RSP: 002b:00007fb6db211028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.937081][ T5328] RAX: ffffffffffffffda RBX: 00007fb6da615fa0 RCX: 00007fb6da39aeb9
[   84.940431][ T5328] RDX: 0000200000000080 RSI: 00000000c02864c3 RDI: 000000000000000a
[   84.944193][ T5328] RBP: 00007fb6da408c1f R08: 0000000000000000 R09: 0000000000000000
[   84.947819][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.951442][ T5328] R13: 00007fb6da616038 R14: 00007fb6da615fa0 R15: 00007ffddca1cdd8
[   84.955399][ T5328]  </TASK>
[   84.956842][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   84.960120][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.963705][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.968100][ T5328] Call Trace:
[   84.969676][ T5328]  <TASK>
[   84.970934][ T5328]  vpanic+0x1e0/0x670
[   84.972586][ T5328]  panic+0xc5/0xd0
[   84.974160][ T5328]  ? __pfx_panic+0x10/0x10
[   84.975992][ T5328]  __warn+0x315/0x4a0
[   84.977571][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.979913][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.982294][ T5328]  __report_bug+0x29a/0x540
[   84.984291][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.986829][ T5328]  ? __pfx___report_bug+0x10/0x10
[   84.988841][ T5328]  ? is_bpf_text_address+0x26/0x2b0
[   84.990918][ T5328]  ? is_bpf_text_address+0x292/0x2b0
[   84.993365][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.995944][ T5328]  report_bug+0x16a/0x220
[   84.997825][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   85.000352][ T5328]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[   85.003179][ T5328]  handle_bug+0x98/0x200
[   85.005615][ T5328]  exc_invalid_op+0x1a/0x50
[   85.007932][ T5328]  asm_exc_invalid_op+0x1a/0x20
[   85.010179][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   85.013035][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 ab 16 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 d4 08 b9 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   85.021306][ T5328] RSP: 0018:ffffc9000bd7f8c0 EFLAGS: 00010246
[   85.023962][ T5328] RAX: ffffc9000bd7f900 RBX: 0000000000000016 RCX: 0000000000000000
[   85.027030][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000bd7f928
[   85.030014][ T5328] RBP: ffffc9000bd7f9a8 R08: ffffc9000bd7f927 R09: 0000000000000000
[   85.032961][ T5328] R10: ffffc9000bd7f900 R11: fffff520017aff25 R12: 0000000000000000
[   85.036170][ T5328] R13: 1ffff920017aff1c R14: 0000000000040cc0 R15: dffffc0000000000
[   85.039481][ T5328]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   85.042285][ T5328]  ? __pfx_policy_nodemask+0x10/0x10
[   85.044628][ T5328]  ? kasan_save_track+0x4f/0x80
[   85.046895][ T5328]  ? kasan_save_track+0x3e/0x80
[   85.049148][ T5328]  ? kasan_save_free_info+0x46/0x50
[   85.051448][ T5328]  ? __kasan_slab_free+0x5c/0x80
[   85.053727][ T5328]  ? kfree+0x1be/0x650
[   85.055824][ T5328]  ? security_file_ioctl+0xc3/0x2a0
[   85.058571][ T5328]  ? __se_sys_ioctl+0x47/0x170
[   85.060473][ T5328]  ? do_syscall_64+0xe2/0xf80
[   85.062384][ T5328]  alloc_pages_mpol+0x232/0x4a0
[   85.064483][ T5328]  ___kmalloc_large_node+0x4e/0x150
[   85.066878][ T5328]  __kmalloc_large_node_noprof+0x18/0x90
[   85.069365][ T5328]  __kmalloc_noprof+0x4b8/0x7e0
[   85.071565][ T5328]  ? drm_syncobj_array_find+0x3a/0x450
[   85.073965][ T5328]  drm_syncobj_array_find+0x3a/0x450
[   85.076110][ T5328]  drm_syncobj_wait_ioctl+0x200/0x690
[   85.078314][ T5328]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   85.080669][ T5328]  drm_ioctl_kernel+0x2df/0x3b0
[   85.082631][ T5328]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   85.085063][ T5328]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.087445][ T5328]  drm_ioctl+0x6ba/0xb80
[   85.089381][ T5328]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   85.092104][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[   85.094297][ T5328]  ? __fget_files+0x2a/0x420
[   85.096359][ T5328]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.098573][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[   85.100853][ T5328]  __se_sys_ioctl+0xfc/0x170
[   85.102736][ T5328]  do_syscall_64+0xe2/0xf80
[   85.104614][ T5328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.107408][ T5328]  ? trace_irq_disable+0x37/0x100
[   85.109817][ T5328]  ? clear_bhb_loop+0x60/0xb0
[   85.111854][ T5328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.114192][ T5328] RIP: 0033:0x7fb6da39aeb9
[   85.115863][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.123459][ T5328] RSP: 002b:00007fb6db211028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.126790][ T5328] RAX: ffffffffffffffda RBX: 00007fb6da615fa0 RCX: 00007fb6da39aeb9
[   85.130454][ T5328] RDX: 0000200000000080 RSI: 00000000c02864c3 RDI: 000000000000000a
[   85.133753][ T5328] RBP: 00007fb6da408c1f R08: 0000000000000000 R09: 0000000000000000
[   85.137281][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.140558][ T5328] R13: 00007fb6da616038 R14: 00007fb6da615fa0 R15: 00007ffddca1cdd8
[   85.143946][ T5328]  </TASK>
[   85.145607][ T5328] Kernel Offset: disabled
[   85.147279][ T5328] Rebooting in 86400 seconds..