program:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000100)={0x2000000, 0x0, 0x13, 0x4, 0x200, 0x0})
unshare(0x22020680)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDADDIO(r1, 0x4b34, 0x2)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
r4 = openat$cgroup_pressure(r3, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
read(r4, &(0x7f0000000100)=""/43, 0x2b)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
r9 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r9, 0xc020aa08, &(0x7f0000000240)={{&(0x7f0000574000/0x1000)=nil, 0x1000}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r8, 0xc02864c3, &(0x7f0000000080)={0x0, 0xfff, 0xfffffffffffffe8c})
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100f8ffffffbfa400000000000007040080f0ffffffb70200000800000018230900", @ANYRES32=r10, @ANYBLOB="0000000004000000b7030000aa6f0040850000006900000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='kfree\x00', r11, 0x0, 0xfffffffffffffffc}, 0x18)
poll(&(0x7f0000000140)=[{r6, 0x1412}, {r7}, {r8, 0xc084}, {r11, 0x511c}, {r2, 0x5066}, {r2, 0x10a9}], 0x6, 0x1)
dup3(r5, r6, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000280)={'wlan1\x00'})
close_range(r0, r6, 0x0)
r12 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xa000, 0x1ef)
ioctl$FITRIM(r12, 0xc0185879, &(0x7f00000000c0)={0x10000, 0x10, 0x7ffffffffffffdff})

[   92.685154][ T1361] cfg80211: failed to load regulatory.db
[   92.700011][ T5296] Bluetooth: hci0: command tx timeout
[   92.930409][ T5318] ------------[ cut here ]------------
[   92.932856][ T5318] 1
[   92.932867][ T5318] WARNING: mm/page_alloc.c:5225 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5318
[   92.938918][ T5318] Modules linked in:
[   92.940757][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   92.944704][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   92.949294][ T5318] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   92.952229][ T5318] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b 47 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 46 99 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   92.960619][ T5318] RSP: 0018:ffffc9000de678c0 EFLAGS: 00010246
[   92.963272][ T5318] RAX: ffffc9000de67900 RBX: 0000000000000016 RCX: 0000000000000000
[   92.966972][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000de67928
[   92.970451][ T5318] RBP: ffffc9000de679a8 R08: ffffc9000de67927 R09: 0000000000000000
[   92.973947][ T5318] R10: ffffc9000de67900 R11: fffff52001bccf25 R12: 0000000000000000
[   92.977497][ T5318] R13: 1ffff92001bccf1c R14: 0000000000040cc0 R15: dffffc0000000000
[   92.981076][ T5318] FS:  00007fc022f806c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[   92.984841][ T5318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   92.987819][ T5318] CR2: 0000200000000080 CR3: 000000001fcef000 CR4: 0000000000352ef0
[   92.991485][ T5318] Call Trace:
[   92.993009][ T5318]  <TASK>
[   92.994382][ T5318]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   92.997285][ T5318]  ? __pfx_policy_nodemask+0x10/0x10
[   92.999612][ T5318]  ? kasan_save_free_info+0x46/0x50
[   93.002112][ T5318]  ? __kasan_slab_free+0x5c/0x80
[   93.004413][ T5318]  ? kfree+0x1c1/0x630
[   93.006427][ T5318]  ? tomoyo_path_number_perm+0x501/0x630
[   93.008951][ T5318]  ? security_file_ioctl+0xc3/0x2a0
[   93.011307][ T5318]  ? do_syscall_64+0x14d/0xf80
[   93.013505][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.016666][ T5318]  alloc_pages_mpol+0x232/0x4a0
[   93.018882][ T5318]  ___kmalloc_large_node+0x4e/0x150
[   93.021259][ T5318]  __kmalloc_large_node_noprof+0x18/0x90
[   93.023796][ T5318]  __kmalloc_noprof+0x3e8/0x760
[   93.026306][ T5318]  ? drm_syncobj_array_find+0x3a/0x440
[   93.028599][ T5318]  drm_syncobj_array_find+0x3a/0x440
[   93.030864][ T5318]  drm_syncobj_wait_ioctl+0x200/0x690
[   93.033302][ T5318]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   93.036043][ T5318]  drm_ioctl_kernel+0x2df/0x3b0
[   93.038200][ T5318]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   93.040866][ T5318]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   93.043270][ T5318]  drm_ioctl+0x6ba/0xb80
[   93.045171][ T5318]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   93.047934][ T5318]  ? __pfx_drm_ioctl+0x10/0x10
[   93.050106][ T5318]  ? rcu_is_watching+0x15/0xb0
[   93.053020][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   93.055503][ T5318]  ? __pfx_drm_ioctl+0x10/0x10
[   93.057810][ T5318]  __se_sys_ioctl+0xfc/0x170
[   93.059826][ T5318]  do_syscall_64+0x14d/0xf80
[   93.061925][ T5318]  ? trace_irq_disable+0x3b/0x150
[   93.064191][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.066983][ T5318]  ? clear_bhb_loop+0x40/0x90
[   93.069122][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.071701][ T5318] RIP: 0033:0x7fc02219c629
[   93.073699][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   93.082014][ T5318] RSP: 002b:00007fc022f80028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   93.085627][ T5318] RAX: ffffffffffffffda RBX: 00007fc022415fa0 RCX: 00007fc02219c629
[   93.089438][ T5318] RDX: 0000200000000080 RSI: 00000000c02864c3 RDI: 000000000000000a
[   93.093017][ T5318] RBP: 00007fc022232b39 R08: 0000000000000000 R09: 0000000000000000
[   93.096650][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.100095][ T5318] R13: 00007fc022416038 R14: 00007fc022415fa0 R15: 00007ffd3685fe98
[   93.103455][ T5318]  </TASK>
[   93.104997][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   93.109019][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   93.113213][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   93.117558][ T5318] Call Trace:
[   93.119075][ T5318]  <TASK>
[   93.120429][ T5318]  vpanic+0x56c/0xa60
[   93.122304][ T5318]  ? __pfx__printk+0x10/0x10
[   93.124314][ T5318]  ? __pfx_vpanic+0x10/0x10
[   93.126389][ T5318]  ? is_bpf_text_address+0x292/0x2b0
[   93.128773][ T5318]  ? is_bpf_text_address+0x26/0x2b0
[   93.131145][ T5318]  panic+0xc5/0xd0
[   93.132835][ T5318]  ? __pfx_panic+0x10/0x10
[   93.134716][ T5318]  __warn+0x315/0x4f0
[   93.136654][ T5318]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   93.139229][ T5318]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   93.141896][ T5318]  __report_bug+0x29a/0x540
[   93.143914][ T5318]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   93.146492][ T5318]  ? __pfx___report_bug+0x10/0x10
[   93.148709][ T5318]  ? is_bpf_text_address+0x26/0x2b0
[   93.151070][ T5318]  ? is_bpf_text_address+0x292/0x2b0
[   93.153353][ T5318]  ? is_bpf_text_address+0x26/0x2b0
[   93.155852][ T5318]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   93.159244][ T5318]  report_bug+0x16a/0x220
[   93.161323][ T5318]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   93.163778][ T5318]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[   93.166387][ T5318]  handle_bug+0x98/0x200
[   93.168260][ T5318]  exc_invalid_op+0x1a/0x50
[   93.170345][ T5318]  asm_exc_invalid_op+0x1a/0x20
[   93.172564][ T5318] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   93.175344][ T5318] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b 47 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 46 99 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   93.183506][ T5318] RSP: 0018:ffffc9000de678c0 EFLAGS: 00010246
[   93.185991][ T5318] RAX: ffffc9000de67900 RBX: 0000000000000016 RCX: 0000000000000000
[   93.189215][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000de67928
[   93.192812][ T5318] RBP: ffffc9000de679a8 R08: ffffc9000de67927 R09: 0000000000000000
[   93.196310][ T5318] R10: ffffc9000de67900 R11: fffff52001bccf25 R12: 0000000000000000
[   93.199796][ T5318] R13: 1ffff92001bccf1c R14: 0000000000040cc0 R15: dffffc0000000000
[   93.203325][ T5318]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   93.206026][ T5318]  ? __pfx_policy_nodemask+0x10/0x10
[   93.208263][ T5318]  ? kasan_save_free_info+0x46/0x50
[   93.210503][ T5318]  ? __kasan_slab_free+0x5c/0x80
[   93.212579][ T5318]  ? kfree+0x1c1/0x630
[   93.214392][ T5318]  ? tomoyo_path_number_perm+0x501/0x630
[   93.216746][ T5318]  ? security_file_ioctl+0xc3/0x2a0
[   93.219064][ T5318]  ? do_syscall_64+0x14d/0xf80
[   93.221279][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.223929][ T5318]  alloc_pages_mpol+0x232/0x4a0
[   93.225988][ T5318]  ___kmalloc_large_node+0x4e/0x150
[   93.228234][ T5318]  __kmalloc_large_node_noprof+0x18/0x90
[   93.230733][ T5318]  __kmalloc_noprof+0x3e8/0x760
[   93.232804][ T5318]  ? drm_syncobj_array_find+0x3a/0x440
[   93.235121][ T5318]  drm_syncobj_array_find+0x3a/0x440
[   93.237004][ T5318]  drm_syncobj_wait_ioctl+0x200/0x690
[   93.239290][ T5318]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   93.241918][ T5318]  drm_ioctl_kernel+0x2df/0x3b0
[   93.244080][ T5318]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   93.246729][ T5318]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   93.249057][ T5318]  drm_ioctl+0x6ba/0xb80
[   93.250963][ T5318]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   93.253582][ T5318]  ? __pfx_drm_ioctl+0x10/0x10
[   93.255707][ T5318]  ? rcu_is_watching+0x15/0xb0
[   93.257778][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   93.260072][ T5318]  ? __pfx_drm_ioctl+0x10/0x10
[   93.265430][ T5318]  __se_sys_ioctl+0xfc/0x170
[   93.267863][ T5318]  do_syscall_64+0x14d/0xf80
[   93.270049][ T5318]  ? trace_irq_disable+0x3b/0x150
[   93.272542][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.275458][ T5318]  ? clear_bhb_loop+0x40/0x90
[   93.277784][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.280426][ T5318] RIP: 0033:0x7fc02219c629
[   93.282525][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   93.291370][ T5318] RSP: 002b:00007fc022f80028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   93.295101][ T5318] RAX: ffffffffffffffda RBX: 00007fc022415fa0 RCX: 00007fc02219c629
[   93.298718][ T5318] RDX: 0000200000000080 RSI: 00000000c02864c3 RDI: 000000000000000a
[   93.302298][ T5318] RBP: 00007fc022232b39 R08: 0000000000000000 R09: 0000000000000000
[   93.305665][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.309160][ T5318] R13: 00007fc022416038 R14: 00007fc022415fa0 R15: 00007ffd3685fe98
[   93.312565][ T5318]  </TASK>
[   93.314359][ T5318] Kernel Offset: disabled
[   93.316356][ T5318] Rebooting in 86400 seconds..