program:
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0})
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000050000800000000000000000850000002c00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b40d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

[   77.724960][ T4668] Bluetooth: hci0: command tx timeout
[   77.732889][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   77.735671][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   78.075308][ T5322] ==================================================================
[   78.079034][ T5322] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[   78.082663][ T5322] Read of size 8 at addr ffff88803ead6cf8 by task syz.0.0/5322
[   78.086002][ T5322] 
[   78.087134][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   78.087150][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.087157][ T5322] Call Trace:
[   78.087163][ T5322]  <TASK>
[   78.087169][ T5322]  dump_stack_lvl+0x189/0x250
[   78.087186][ T5322]  ? __kasan_check_byte+0x12/0x40
[   78.087231][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   78.087239][ T5322]  ? lock_release+0x4b/0x3e0
[   78.087252][ T5322]  ? __virt_addr_valid+0x4a5/0x5c0
[   78.087266][ T5322]  print_report+0xca/0x240
[   78.087284][ T5322]  ? change_page_attr_set_clr+0x625/0xfc0
[   78.087298][ T5322]  kasan_report+0x118/0x150
[   78.087309][ T5322]  ? change_page_attr_set_clr+0x625/0xfc0
[   78.087322][ T5322]  change_page_attr_set_clr+0x625/0xfc0
[   78.087337][ T5322]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[   78.087348][ T5322]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[   78.087359][ T5322]  ? memtype_reserve+0x874/0xb30
[   78.087373][ T5322]  ? __pfx___ww_mutex_lock+0x10/0x10
[   78.087418][ T5322]  _set_pages_array+0x145/0x270
[   78.087434][ T5322]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[   78.087450][ T5322]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[   78.087467][ T5322]  ? ww_mutex_lock+0x3f/0x1c0
[   78.087479][ T5322]  drm_gem_shmem_mmap+0x193/0x460
[   78.087495][ T5322]  drm_gem_mmap_obj+0x18a/0x4e0
[   78.087508][ T5322]  drm_gem_mmap+0x384/0x640
[   78.087519][ T5322]  ? __pfx_drm_gem_mmap+0x10/0x10
[   78.087529][ T5322]  ? __mas_set_range+0x12f/0x3c0
[   78.087544][ T5322]  mmap_region+0x18b4/0x2110
[   78.087561][ T5322]  ? __pfx_mmap_region+0x10/0x10
[   78.087571][ T5322]  ? __schedule+0x17ae/0x4cc0
[   78.087596][ T5322]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[   78.087611][ T5322]  ? rwsem_down_write_slowpath+0x472/0xfe0
[   78.087625][ T5322]  ? bpf_lsm_mmap_addr+0x9/0x20
[   78.087637][ T5322]  ? security_mmap_addr+0x71/0x270
[   78.087651][ T5322]  ? shmem_mapping+0xd/0x50
[   78.087662][ T5322]  ? memfd_check_seals_mmap+0xc5/0x200
[   78.087677][ T5322]  do_mmap+0xc45/0x10d0
[   78.087695][ T5322]  ? __pfx_do_mmap+0x10/0x10
[   78.087707][ T5322]  ? down_write_killable+0x178/0x230
[   78.087726][ T5322]  ? __pfx_down_write_killable+0x10/0x10
[   78.087737][ T5322]  ? common_file_perm+0x1b5/0x230
[   78.087756][ T5322]  vm_mmap_pgoff+0x2a6/0x4d0
[   78.087770][ T5322]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   78.087783][ T5322]  ? __fget_files+0x2a/0x420
[   78.087794][ T5322]  ? __fget_files+0x2a/0x420
[   78.087804][ T5322]  ? __fget_files+0x2a/0x420
[   78.087815][ T5322]  ksys_mmap_pgoff+0x51f/0x760
[   78.087833][ T5322]  do_syscall_64+0xfa/0xfa0
[   78.087844][ T5322]  ? lockdep_hardirqs_on+0x9c/0x150
[   78.087860][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.087872][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   78.087881][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.087890][ T5322] RIP: 0033:0x7f56a518eec9
[   78.087900][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.087910][ T5322] RSP: 002b:00007f56a608f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   78.087923][ T5322] RAX: ffffffffffffffda RBX: 00007f56a53e6090 RCX: 00007f56a518eec9
[   78.087931][ T5322] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[   78.087938][ T5322] RBP: 00007f56a5211f91 R08: 0000000000000003 R09: 0000000100000000
[   78.087944][ T5322] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[   78.087949][ T5322] R13: 00007f56a53e6128 R14: 00007f56a53e6090 R15: 00007ffd52546998
[   78.087961][ T5322]  </TASK>
[   78.087965][ T5322] 
[   78.238652][ T5322] Allocated by task 5322:
[   78.240620][ T5322]  kasan_save_track+0x3e/0x80
[   78.242756][ T5322]  __kasan_kmalloc+0x93/0xb0
[   78.244756][ T5322]  __kvmalloc_node_noprof+0x5cd/0x910
[   78.247065][ T5322]  drm_gem_get_pages+0x166/0xa20
[   78.249312][ T5322]  drm_gem_shmem_get_pages_locked+0x201/0x440
[   78.251962][ T5322]  drm_gem_shmem_mmap+0x193/0x460
[   78.254148][ T5322]  drm_gem_mmap_obj+0x18a/0x4e0
[   78.256279][ T5322]  drm_gem_mmap+0x384/0x640
[   78.258235][ T5322]  mmap_region+0x18b4/0x2110
[   78.260252][ T5322]  do_mmap+0xc45/0x10d0
[   78.262236][ T5322]  vm_mmap_pgoff+0x2a6/0x4d0
[   78.264285][ T5322]  ksys_mmap_pgoff+0x51f/0x760
[   78.266465][ T5322]  do_syscall_64+0xfa/0xfa0
[   78.268524][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.271079][ T5322] 
[   78.272183][ T5322] The buggy address belongs to the object at ffff88803ead6c00
[   78.272183][ T5322]  which belongs to the cache kmalloc-256 of size 256
[   78.278352][ T5322] The buggy address is located 0 bytes to the right of
[   78.278352][ T5322]  allocated 248-byte region [ffff88803ead6c00, ffff88803ead6cf8)
[   78.284306][ T5322] 
[   78.285422][ T5322] The buggy address belongs to the physical page:
[   78.288565][ T5322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ead6
[   78.292593][ T5322] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   78.295437][ T5322] page_type: f5(slab)
[   78.297001][ T5322] raw: 04fff00000000000 ffff88801a441b40 ffffea0000fab600 dead000000000006
[   78.300297][ T5322] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   78.303656][ T5322] page dumped because: kasan: bad access detected
[   78.306319][ T5322] page_owner tracks the page as allocated
[   78.308869][ T5322] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 22753648203, free_ts 0
[   78.316307][ T5322]  post_alloc_hook+0x240/0x2a0
[   78.318321][ T5322]  get_page_from_freelist+0x2365/0x2440
[   78.320604][ T5322]  __alloc_frozen_pages_noprof+0x181/0x370
[   78.323390][ T5322]  alloc_pages_mpol+0x232/0x4a0
[   78.325837][ T5322]  allocate_slab+0x96/0x3a0
[   78.328283][ T5322]  ___slab_alloc+0xe94/0x18a0
[   78.330444][ T5322]  __slab_alloc+0x65/0x100
[   78.332504][ T5322]  __kmalloc_cache_noprof+0x411/0x6f0
[   78.334882][ T5322]  bus_add_driver+0x162/0x640
[   78.336998][ T5322]  driver_register+0x23a/0x320
[   78.339058][ T5322]  do_one_initcall+0x236/0x820
[   78.341177][ T5322]  do_initcall_level+0x104/0x190
[   78.343260][ T5322]  do_initcalls+0x59/0xa0
[   78.345128][ T5322]  kernel_init_freeable+0x334/0x4b0
[   78.347377][ T5322]  kernel_init+0x1d/0x1d0
[   78.349292][ T5322]  ret_from_fork+0x4bc/0x870
[   78.351263][ T5322] page_owner free stack trace missing
[   78.353436][ T5322] 
[   78.354522][ T5322] Memory state around the buggy address:
[   78.356832][ T5322]  ffff88803ead6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.360348][ T5322]  ffff88803ead6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   78.363839][ T5322] >ffff88803ead6c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   78.368204][ T5322]                                                                 ^
[   78.371893][ T5322]  ffff88803ead6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.376617][ T5322]  ffff88803ead6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.379988][ T5322] ==================================================================
[   78.400073][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   78.403218][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   78.407165][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.411884][ T5322] Call Trace:
[   78.413343][ T5322]  <TASK>
[   78.414638][ T5322]  dump_stack_lvl+0x99/0x250
[   78.416951][ T5322]  ? __asan_memcpy+0x40/0x70
[   78.419464][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   78.421851][ T5322]  ? __pfx__printk+0x10/0x10
[   78.423952][ T5322]  vpanic+0x237/0x6d0
[   78.425716][ T5322]  ? __pfx_vpanic+0x10/0x10
[   78.427720][ T5322]  ? preempt_schedule+0xae/0xc0
[   78.429817][ T5322]  ? __pfx_preempt_schedule+0x10/0x10
[   78.432170][ T5322]  panic+0xb9/0xc0
[   78.433790][ T5322]  ? __pfx_panic+0x10/0x10
[   78.435781][ T5322]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   78.438252][ T5322]  ? change_page_attr_set_clr+0x625/0xfc0
[   78.440661][ T5322]  check_panic_on_warn+0x89/0xb0
[   78.442777][ T5322]  ? change_page_attr_set_clr+0x625/0xfc0
[   78.445204][ T5322]  end_report+0x78/0x160
[   78.447117][ T5322]  kasan_report+0x129/0x150
[   78.449124][ T5322]  ? change_page_attr_set_clr+0x625/0xfc0
[   78.451491][ T5322]  change_page_attr_set_clr+0x625/0xfc0
[   78.453865][ T5322]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[   78.456657][ T5322]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[   78.459316][ T5322]  ? memtype_reserve+0x874/0xb30
[   78.461454][ T5322]  ? __pfx___ww_mutex_lock+0x10/0x10
[   78.463673][ T5322]  _set_pages_array+0x145/0x270
[   78.465773][ T5322]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[   78.468401][ T5322]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[   78.471211][ T5322]  ? ww_mutex_lock+0x3f/0x1c0
[   78.473246][ T5322]  drm_gem_shmem_mmap+0x193/0x460
[   78.475440][ T5322]  drm_gem_mmap_obj+0x18a/0x4e0
[   78.477524][ T5322]  drm_gem_mmap+0x384/0x640
[   78.479540][ T5322]  ? __pfx_drm_gem_mmap+0x10/0x10
[   78.481718][ T5322]  ? __mas_set_range+0x12f/0x3c0
[   78.483956][ T5322]  mmap_region+0x18b4/0x2110
[   78.485897][ T5322]  ? __pfx_mmap_region+0x10/0x10
[   78.488037][ T5322]  ? __schedule+0x17ae/0x4cc0
[   78.490037][ T5322]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[   78.492762][ T5322]  ? rwsem_down_write_slowpath+0x472/0xfe0
[   78.495072][ T5322]  ? bpf_lsm_mmap_addr+0x9/0x20
[   78.497081][ T5322]  ? security_mmap_addr+0x71/0x270
[   78.499145][ T5322]  ? shmem_mapping+0xd/0x50
[   78.501309][ T5322]  ? memfd_check_seals_mmap+0xc5/0x200
[   78.503923][ T5322]  do_mmap+0xc45/0x10d0
[   78.505655][ T5322]  ? __pfx_do_mmap+0x10/0x10
[   78.507527][ T5322]  ? down_write_killable+0x178/0x230
[   78.509600][ T5322]  ? __pfx_down_write_killable+0x10/0x10
[   78.511969][ T5322]  ? common_file_perm+0x1b5/0x230
[   78.514162][ T5322]  vm_mmap_pgoff+0x2a6/0x4d0
[   78.516198][ T5322]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   78.518488][ T5322]  ? __fget_files+0x2a/0x420
[   78.520438][ T5322]  ? __fget_files+0x2a/0x420
[   78.522479][ T5322]  ? __fget_files+0x2a/0x420
[   78.524753][ T5322]  ksys_mmap_pgoff+0x51f/0x760
[   78.526837][ T5322]  do_syscall_64+0xfa/0xfa0
[   78.528747][ T5322]  ? lockdep_hardirqs_on+0x9c/0x150
[   78.531026][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.533564][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   78.535609][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.538096][ T5322] RIP: 0033:0x7f56a518eec9
[   78.539937][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.547398][ T5322] RSP: 002b:00007f56a608f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   78.550673][ T5322] RAX: ffffffffffffffda RBX: 00007f56a53e6090 RCX: 00007f56a518eec9
[   78.553775][ T5322] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[   78.557174][ T5322] RBP: 00007f56a5211f91 R08: 0000000000000003 R09: 0000000100000000
[   78.560670][ T5322] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[   78.564141][ T5322] R13: 00007f56a53e6128 R14: 00007f56a53e6090 R15: 00007ffd52546998
[   78.567634][ T5322]  </TASK>
[   78.569318][ T5322] Kernel Offset: disabled
[   78.571206][ T5322] Rebooting in 86400 seconds..