program:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040f0406000604"], 0x7)
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r0, 0xc02864c3, &(0x7f0000000040)={0x0, 0x1000, 0xffffffffffffffa7, 0x1})
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r2 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400)
r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x6042, 0x0)
sendfile(r3, r2, 0x0, 0x80000002)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2902, 0x1ff)
write(r4, &(0x7f0000000180)="7e7226ce9b4d692092ffa2b579f0ff5793012c9738a9be19ff3e69a683a0a1bbace0dc3853c661a4e1019e7a1f3af60350126cb99c5f3ace6f5616c00e0fb30b28", 0x41)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80644870a8ee1fdfee34", 0x14}], 0x1}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r3, 0xc01064c1, &(0x7f0000000200))
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r7 = socket$unix(0x1, 0x5, 0x0)
r8 = dup2(r7, r6)
close_range(r8, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000280)={0x0, 0x0, <r9=>0xffffffffffffffff})
syz_mount_image$cramfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x140, &(0x7f0000000200)="$eJzszLFLMnEYwPHvvd77+lKaRgYWZEFDR2KeJ7Y1aCQJ2UHh0iTYRYFmJERjBW0N/QEOldAkDtHYUNZiKYT9HUJD0FicJ4gRDc2/DxzH7/s8PAtzDQU3tD9gPp/b2TUKBWN9YkVPxlevrm8GzG4H/vfMrf3bKGyafxlah2DmeydsbGWNmUw+a75bUVCAWL/VVazdPrN5rBbqNGUSqsNW075p4U4blSHm6t77OIcp895g994bsF/0V8qPy/VaIjB9OWbjOOEfH5J6u8840eIjJYfXRsp4uCDWnr8Ea4HnYKXcbNSTS3pSb4Q1bTashlQ10tSf6onIwSnyomMP1r7c+4fXJ6fgSIKiBOX2vHUnOYHq2buec9k9wOu2G6SfJpm0928p7XH/waYgIQiCIAiCIAiCIAi/9BkAAP//OCds6A==")
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r9, 0xc01064c2, &(0x7f0000000240)={0x0, 0x0, r8})
keyctl$get_security(0x11, r1, &(0x7f0000000140)=""/90, 0x5a)
syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000) (async)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040f0406000604"], 0x7) (async)
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r0, 0xc02864c3, &(0x7f0000000040)={0x0, 0x1000, 0xffffffffffffffa7, 0x1}) (async)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) (async)
syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) (async)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x6042, 0x0) (async)
sendfile(r3, r2, 0x0, 0x80000002) (async)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2902, 0x1ff) (async)
write(r4, &(0x7f0000000180)="7e7226ce9b4d692092ffa2b579f0ff5793012c9738a9be19ff3e69a683a0a1bbace0dc3853c661a4e1019e7a1f3af60350126cb99c5f3ace6f5616c00e0fb30b28", 0x41) (async)
socket$kcm(0x10, 0x3, 0x10) (async)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80644870a8ee1fdfee34", 0x14}], 0x1}, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r3, 0xc01064c1, &(0x7f0000000200)) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
socket$unix(0x1, 0x5, 0x0) (async)
dup2(r7, r6) (async)
close_range(r8, 0xffffffffffffffff, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000280)) (async)
syz_mount_image$cramfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x140, &(0x7f0000000200)="$eJzszLFLMnEYwPHvvd77+lKaRgYWZEFDR2KeJ7Y1aCQJ2UHh0iTYRYFmJERjBW0N/QEOldAkDtHYUNZiKYT9HUJD0FicJ4gRDc2/DxzH7/s8PAtzDQU3tD9gPp/b2TUKBWN9YkVPxlevrm8GzG4H/vfMrf3bKGyafxlah2DmeydsbGWNmUw+a75bUVCAWL/VVazdPrN5rBbqNGUSqsNW075p4U4blSHm6t77OIcp895g994bsF/0V8qPy/VaIjB9OWbjOOEfH5J6u8840eIjJYfXRsp4uCDWnr8Ea4HnYKXcbNSTS3pSb4Q1bTashlQ10tSf6onIwSnyomMP1r7c+4fXJ6fgSIKiBOX2vHUnOYHq2buec9k9wOu2G6SfJpm0928p7XH/waYgIQiCIAiCIAiCIAi/9BkAAP//OCds6A==") (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r9, 0xc01064c2, &(0x7f0000000240)={0x0, 0x0, r8}) (async)
keyctl$get_security(0x11, r1, &(0x7f0000000140)=""/90, 0x5a) (async)

[   75.646616][ T4703] Bluetooth: hci0: command tx timeout
[   75.705742][ T5353] ------------[ cut here ]------------
[   75.707820][ T5353] WARNING: CPU: 0 PID: 5353 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.712664][ T5353] Modules linked in:
[   75.714558][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.718262][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.722574][ T5353] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   75.725366][ T5353] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 14 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   75.734900][ T5353] RSP: 0018:ffffc9000d36f8e0 EFLAGS: 00010246
[   75.737776][ T5353] RAX: ffffc9000d36f900 RBX: 0000000000000016 RCX: 0000000000000000
[   75.741418][ T5353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d36f948
[   75.745136][ T5353] RBP: ffffc9000d36f9c8 R08: ffffc9000d36f947 R09: 0000000000000000
[   75.748571][ T5353] R10: ffffc9000d36f920 R11: fffff52001a6df29 R12: 0000000000000000
[   75.751944][ T5353] R13: 1ffff92001a6df20 R14: 0000000000040cc0 R15: dffffc0000000000
[   75.755316][ T5353] FS:  00007fa9b26ec6c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
[   75.759055][ T5353] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.761843][ T5353] CR2: 00007fa9b19b8558 CR3: 0000000031f15000 CR4: 0000000000352ef0
[   75.766686][ T5353] Call Trace:
[   75.768197][ T5353]  <TASK>
[   75.769482][ T5353]  ? stack_depot_save_flags+0x40/0x860
[   75.771828][ T5353]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   75.774436][ T5353]  ? kasan_save_track+0x4f/0x80
[   75.776369][ T5353]  ? kasan_save_track+0x3e/0x80
[   75.778415][ T5353]  ? policy_nodemask+0x27c/0x720
[   75.780444][ T5353]  ? do_syscall_64+0xfa/0x3b0
[   75.782462][ T5353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.785208][ T5353]  alloc_pages_mpol+0x232/0x4a0
[   75.787281][ T5353]  ___kmalloc_large_node+0x5f/0x1b0
[   75.789449][ T5353]  __kmalloc_large_node_noprof+0x18/0x90
[   75.791711][ T5353]  __kmalloc_noprof+0x36f/0x4f0
[   75.793811][ T5353]  ? drm_syncobj_array_find+0x3a/0x450
[   75.796120][ T5353]  drm_syncobj_array_find+0x3a/0x450
[   75.798388][ T5353]  drm_syncobj_wait_ioctl+0x208/0x520
[   75.800691][ T5353]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.803238][ T5353]  drm_ioctl_kernel+0x2cf/0x390
[   75.805444][ T5353]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.807887][ T5353]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   75.810127][ T5353]  drm_ioctl+0x67f/0xb10
[   75.811933][ T5353]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.814516][ T5353]  ? __pfx_drm_ioctl+0x10/0x10
[   75.816580][ T5353]  ? __fget_files+0x2a/0x420
[   75.818569][ T5353]  ? bpf_lsm_file_ioctl+0x9/0x20
[   75.820605][ T5353]  ? __pfx_drm_ioctl+0x10/0x10
[   75.822567][ T5353]  __se_sys_ioctl+0xfc/0x170
[   75.824662][ T5353]  do_syscall_64+0xfa/0x3b0
[   75.826700][ T5353]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.828945][ T5353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.831480][ T5353]  ? clear_bhb_loop+0x60/0xb0
[   75.833527][ T5353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.835990][ T5353] RIP: 0033:0x7fa9b178eec9
[   75.838695][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.847457][ T5353] RSP: 002b:00007fa9b26ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.851137][ T5353] RAX: ffffffffffffffda RBX: 00007fa9b19e5fa0 RCX: 00007fa9b178eec9
[   75.855102][ T5353] RDX: 0000200000000040 RSI: 00000000c02864c3 RDI: 0000000000000003
[   75.858514][ T5353] RBP: 00007fa9b1811f91 R08: 0000000000000000 R09: 0000000000000000
[   75.861913][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.865369][ T5353] R13: 00007fa9b19e6038 R14: 00007fa9b19e5fa0 R15: 00007ffdb1d4a688
[   75.868619][ T5353]  </TASK>
[   75.869905][ T5353] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.872971][ T5353] CPU: 0 UID: 0 PID: 5353 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.876847][ T5353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.881332][ T5353] Call Trace:
[   75.882876][ T5353]  <TASK>
[   75.884206][ T5353]  dump_stack_lvl+0x99/0x250
[   75.886182][ T5353]  ? __asan_memcpy+0x40/0x70
[   75.888163][ T5353]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.890395][ T5353]  ? __pfx__printk+0x10/0x10
[   75.892361][ T5353]  vpanic+0x281/0x750
[   75.894112][ T5353]  ? __pfx__printk+0x10/0x10
[   75.896106][ T5353]  ? __pfx_vpanic+0x10/0x10
[   75.897993][ T5353]  ? is_bpf_text_address+0x26/0x2b0
[   75.900239][ T5353]  panic+0xb9/0xc0
[   75.901922][ T5353]  ? __pfx_panic+0x10/0x10
[   75.903792][ T5353]  __warn+0x31b/0x4b0
[   75.905573][ T5353]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.908174][ T5353]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.910660][ T5353]  report_bug+0x2be/0x4f0
[   75.912437][ T5353]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.914985][ T5353]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.917651][ T5353]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   75.920134][ T5353]  handle_bug+0x84/0x160
[   75.921963][ T5353]  exc_invalid_op+0x1a/0x50
[   75.923964][ T5353]  asm_exc_invalid_op+0x1a/0x20
[   75.926155][ T5353] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   75.928855][ T5353] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 14 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   75.936637][ T5353] RSP: 0018:ffffc9000d36f8e0 EFLAGS: 00010246
[   75.939296][ T5353] RAX: ffffc9000d36f900 RBX: 0000000000000016 RCX: 0000000000000000
[   75.942592][ T5353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d36f948
[   75.945799][ T5353] RBP: ffffc9000d36f9c8 R08: ffffc9000d36f947 R09: 0000000000000000
[   75.949044][ T5353] R10: ffffc9000d36f920 R11: fffff52001a6df29 R12: 0000000000000000
[   75.952331][ T5353] R13: 1ffff92001a6df20 R14: 0000000000040cc0 R15: dffffc0000000000
[   75.955732][ T5353]  ? stack_depot_save_flags+0x40/0x860
[   75.958047][ T5353]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   75.960738][ T5353]  ? kasan_save_track+0x4f/0x80
[   75.962876][ T5353]  ? kasan_save_track+0x3e/0x80
[   75.965115][ T5353]  ? policy_nodemask+0x27c/0x720
[   75.967230][ T5353]  ? do_syscall_64+0xfa/0x3b0
[   75.969292][ T5353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.971834][ T5353]  alloc_pages_mpol+0x232/0x4a0
[   75.973864][ T5353]  ___kmalloc_large_node+0x5f/0x1b0
[   75.976062][ T5353]  __kmalloc_large_node_noprof+0x18/0x90
[   75.978450][ T5353]  __kmalloc_noprof+0x36f/0x4f0
[   75.980482][ T5353]  ? drm_syncobj_array_find+0x3a/0x450
[   75.982837][ T5353]  drm_syncobj_array_find+0x3a/0x450
[   75.985162][ T5353]  drm_syncobj_wait_ioctl+0x208/0x520
[   75.987480][ T5353]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.990020][ T5353]  drm_ioctl_kernel+0x2cf/0x390
[   75.992063][ T5353]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.994527][ T5353]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   75.996763][ T5353]  drm_ioctl+0x67f/0xb10
[   75.998519][ T5353]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   76.000936][ T5353]  ? __pfx_drm_ioctl+0x10/0x10
[   76.002916][ T5353]  ? __fget_files+0x2a/0x420
[   76.004899][ T5353]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.007022][ T5353]  ? __pfx_drm_ioctl+0x10/0x10
[   76.009071][ T5353]  __se_sys_ioctl+0xfc/0x170
[   76.011023][ T5353]  do_syscall_64+0xfa/0x3b0
[   76.012928][ T5353]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.015105][ T5353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.017551][ T5353]  ? clear_bhb_loop+0x60/0xb0
[   76.019524][ T5353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.021995][ T5353] RIP: 0033:0x7fa9b178eec9
[   76.023883][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.032005][ T5353] RSP: 002b:00007fa9b26ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.035591][ T5353] RAX: ffffffffffffffda RBX: 00007fa9b19e5fa0 RCX: 00007fa9b178eec9
[   76.038880][ T5353] RDX: 0000200000000040 RSI: 00000000c02864c3 RDI: 0000000000000003
[   76.042202][ T5353] RBP: 00007fa9b1811f91 R08: 0000000000000000 R09: 0000000000000000
[   76.045553][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.048845][ T5353] R13: 00007fa9b19e6038 R14: 00007fa9b19e5fa0 R15: 00007ffdb1d4a688
[   76.052163][ T5353]  </TASK>
[   76.053896][ T5353] Kernel Offset: disabled
[   76.055844][ T5353] Rebooting in 86400 seconds..