# syzkaller reproducer followed by the kernel console log of the crash it triggered.
# Calls suffixed with (async) are issued without waiting for completion, so they
# can overlap with the calls that follow them.
# NOTE(review): r2 and r6 are used below but never bound in this listing; the
# result markers inside SYNCOBJ_CREATE's and io_setup's output arguments were
# presumably lost when the page was rendered. Confirm against the raw reproducer.
# NOTE(review): the scratch address 0x7f0000000080 is reused by SYNCOBJ_RESET,
# both netlink sendmsg calls, bpf$PROG_LOAD, io_submit and the RDMA sendmsg.
# With async calls in flight, the struct the DRM ioctl reads may no longer hold
# the literal {handles, 0x2} shown here; treat the handle count as effectively
# arbitrary when triaging.
program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x90) (async)
# Open a DRM device node and create a sync object on it.
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f00000003c0)={0x0})
# This is the call that appears in the crash trace: ioctl number 0xc01064c4
# matches RSI in the user-mode register dump, and the kernel path is
# drm_syncobj_reset_ioctl -> drm_syncobj_array_find -> __kmalloc_noprof ->
# __alloc_frozen_pages_noprof. The allocation in drm_syncobj_array_find appears
# to be sized from the userspace-supplied handle count (confirm in source).
# Defensive fix direction: bound that count before allocating, or allocate so
# that an oversized request fails quietly (e.g. __GFP_NOWARN or
# kvmalloc_array()) and returns an error instead of hitting a WARN.
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r1, 0xc01064c4, &(0x7f0000000080)={&(0x7f0000000040)=[r2, r2], 0x2}) (async)
# None of the remaining calls show up in the call trace. They matter here
# mainly because they write to the same scratch addresses while the ioctl
# above may still be running.
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x14, 0x48, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}}, 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x59}, [@ldst={0x5}]}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x381, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x5032}) (async)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000300)="2039d60b1eac733fec89294843f93a3b41fae01832fecdb86b8c12d3059a4102f4b2ef81a799f647a9ef88ecd0886a0b9ef338792b794fc6c95ce7a1e5ca6b1f7c", &(0x7f00000004c0)=""/242, &(0x7f0000000280)="b4adb0c4f40023d93ee08e795a8795fee3e3bb44b42fc887bda19e5ed263cbfe5063267f945f3a", &(0x7f00000005c0)="bbf7e36d8441f246d8df59d735907753ffb5befc3f0e9da525fd5dfdca155d96b6a0aa0f5c2c3a0ff66bb24192c370d9aba070e31b4bbd1715c921a0320e1a74079356d1d037725564323203da710e10b9538e4b480832c5a96f6ab987a8bb", 0x7b8, r5, 0x4}, 0x38) (async)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[], 0x14}}, 0x0) (async)
io_setup(0xbf, &(0x7f0000000100)=0x0)
io_submit(r6, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x20000000, 0x0, 0x7, 0x8, 0x0, r4, &(0x7f0000000080)='\x00\x00', 0x2}]) (async)
# Attaches the raw-tracepoint program loaded as r0 to inet_sock_set_state.
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000002c0)='inet_sock_set_state\x00', r0}, 0x10) (async)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000800)
# Kernel console log starts here (collapsed onto long lines by the page).
# The WARNING at mm/page_alloc.c:5186 is presumably the page allocator's
# oversized-order check (WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)); verify
# against the tree this kernel was built from. RBX=0xd would be consistent with
# a requested order of 13 if RBX holds the order at that point (assumption).
# The WARN is fatal in this run only because panic_on_warn is set (see the
# "Kernel panic" line further down), which makes it a local denial of service
# on systems configured that way.
[ 85.541955][ T47] Bluetooth: hci0: command tx timeout [ 85.637837][ T5345] ------------[ cut here ]------------ [ 85.640472][ T5345] WARNING: mm/page_alloc.c:5186 at __alloc_frozen_pages_noprof+0x2c8/0x370, CPU#0: syz.0.0/5345 [ 85.646065][ T5345] Modules linked in: [ 85.648101][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.652700][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.657215][ T5345] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.661026][ T5345] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 43 58 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.669604][ T5345] RSP: 0018:ffffc9000c7f7960 EFLAGS: 00010246 [ 85.672415][ T5345] RAX: ffffc9000c7f7900 RBX: 000000000000000d RCX: 0000000000000000 [ 85.675960][ T5345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000c7f79c8 [ 85.679314][ T5345] RBP: ffffc9000c7f7a60 R08: ffffc9000c7f79c7 R09: 0000000000000000 [ 85.682957][ T5345] R10: ffffc9000c7f79a0 R11: fffff520018fef39 R12: 0000000000000000 [ 85.686496][ T5345] R13: 1ffff920018fef30 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.689941][ T5345] FS: 00007fe324ecb6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 85.695604][ T5345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 
85.699233][ T5345] CR2: 000055a74f61d4d8 CR3: 00000000312cb000 CR4: 0000000000352ef0 [ 85.703082][ T5345] Call Trace: [ 85.704654][ T5345] [ 85.705998][ T5345] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 85.708592][ T5345] ? __se_sys_ioctl+0x47/0x170 [ 85.710824][ T5345] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.713625][ T5345] ? policy_nodemask+0x27c/0x720 [ 85.715965][ T5345] ? __lock_acquire+0x6b6/0x2cf0 [ 85.718316][ T5345] alloc_pages_mpol+0x232/0x4a0 [ 85.720565][ T5345] ___kmalloc_large_node+0x4e/0x150 [ 85.722980][ T5345] __kmalloc_large_node_noprof+0x18/0x90 [ 85.725409][ T5345] __kmalloc_noprof+0x4c9/0x800 [ 85.727664][ T5345] ? drm_dev_enter+0x49/0x150 [ 85.729765][ T5345] ? drm_syncobj_array_find+0x3a/0x450 [ 85.732358][ T5345] drm_syncobj_array_find+0x3a/0x450 [ 85.734762][ T5345] drm_syncobj_reset_ioctl+0x16b/0x2f0 [ 85.737160][ T5345] drm_ioctl_kernel+0x2cf/0x390 [ 85.739293][ T5345] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 85.741822][ T5345] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.743893][ T5345] drm_ioctl+0x67f/0xb10 [ 85.745668][ T5345] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 85.748150][ T5345] ? __pfx_drm_ioctl+0x10/0x10 [ 85.750411][ T5345] ? __fget_files+0x2a/0x420 [ 85.753310][ T5345] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.755718][ T5345] ? __pfx_drm_ioctl+0x10/0x10 [ 85.757709][ T5345] __se_sys_ioctl+0xfc/0x170 [ 85.759789][ T5345] do_syscall_64+0xec/0xf80 [ 85.762157][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.764714][ T5345] ? trace_irq_disable+0x37/0x100 [ 85.766908][ T5345] ? 
clear_bhb_loop+0x60/0xb0 [ 85.769085][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.771965][ T5345] RIP: 0033:0x7fe323f8f7c9 [ 85.774045][ T5345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.782337][ T5345] RSP: 002b:00007fe324ecb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.786003][ T5345] RAX: ffffffffffffffda RBX: 00007fe3241e5fa0 RCX: 00007fe323f8f7c9 [ 85.789423][ T5345] RDX: 0000200000000080 RSI: 00000000c01064c4 RDI: 0000000000000004 [ 85.792726][ T5345] RBP: 00007fe324013f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.796373][ T5345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.799753][ T5345] R13: 00007fe3241e6038 R14: 00007fe3241e5fa0 R15: 00007fff35fb6d38 [ 85.803207][ T5345] [ 85.804615][ T5345] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.807774][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.811848][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.816918][ T5345] Call Trace: [ 85.818618][ T5345] [ 85.819885][ T5345] vpanic+0x1e0/0x670 [ 85.821371][ T5345] panic+0xb9/0xc0 [ 85.823152][ T5345] ? __pfx_panic+0x10/0x10 [ 85.825179][ T5345] __warn+0x317/0x4b0 [ 85.827051][ T5345] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.829689][ T5345] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.832229][ T5345] __report_bug+0x288/0x500 [ 85.834134][ T5345] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.836617][ T5345] ? __pfx___report_bug+0x10/0x10 [ 85.838784][ T5345] ? is_bpf_text_address+0x292/0x2b0 [ 85.840939][ T5345] ? is_bpf_text_address+0x26/0x2b0 [ 85.843070][ T5345] ? kernel_text_address+0xa5/0xe0 [ 85.845368][ T5345] ? __kernel_text_address+0xd/0x40 [ 85.847949][ T5345] ? 
__pfx_stack_trace_consume_entry+0x10/0x10 [ 85.851037][ T5345] ? arch_stack_walk+0xfc/0x150 [ 85.853155][ T5345] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.855651][ T5345] report_bug+0x16a/0x220 [ 85.857503][ T5345] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.860111][ T5345] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 85.862681][ T5345] handle_bug+0x98/0x200 [ 85.864560][ T5345] exc_invalid_op+0x1a/0x50 [ 85.866531][ T5345] asm_exc_invalid_op+0x1a/0x20 [ 85.868674][ T5345] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 85.871636][ T5345] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 43 58 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.880301][ T5345] RSP: 0018:ffffc9000c7f7960 EFLAGS: 00010246 [ 85.883200][ T5345] RAX: ffffc9000c7f7900 RBX: 000000000000000d RCX: 0000000000000000 [ 85.886567][ T5345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000c7f79c8 [ 85.889940][ T5345] RBP: ffffc9000c7f7a60 R08: ffffc9000c7f79c7 R09: 0000000000000000 [ 85.893132][ T5345] R10: ffffc9000c7f79a0 R11: fffff520018fef39 R12: 0000000000000000 [ 85.896003][ T5345] R13: 1ffff920018fef30 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.898964][ T5345] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 85.901166][ T5345] ? __se_sys_ioctl+0x47/0x170 [ 85.903132][ T5345] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.905679][ T5345] ? policy_nodemask+0x27c/0x720 [ 85.911927][ T5345] ? __lock_acquire+0x6b6/0x2cf0 [ 85.914236][ T5345] alloc_pages_mpol+0x232/0x4a0 [ 85.916509][ T5345] ___kmalloc_large_node+0x4e/0x150 [ 85.918782][ T5345] __kmalloc_large_node_noprof+0x18/0x90 [ 85.921161][ T5345] __kmalloc_noprof+0x4c9/0x800 [ 85.923096][ T5345] ? drm_dev_enter+0x49/0x150 [ 85.924885][ T5345] ? 
drm_syncobj_array_find+0x3a/0x450 [ 85.927132][ T5345] drm_syncobj_array_find+0x3a/0x450 [ 85.929260][ T5345] drm_syncobj_reset_ioctl+0x16b/0x2f0 [ 85.931494][ T5345] drm_ioctl_kernel+0x2cf/0x390 [ 85.933564][ T5345] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 85.936138][ T5345] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.938620][ T5345] drm_ioctl+0x67f/0xb10 [ 85.940406][ T5345] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 85.942858][ T5345] ? __pfx_drm_ioctl+0x10/0x10 [ 85.944915][ T5345] ? __fget_files+0x2a/0x420 [ 85.946956][ T5345] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.949077][ T5345] ? __pfx_drm_ioctl+0x10/0x10 [ 85.951114][ T5345] __se_sys_ioctl+0xfc/0x170 [ 85.953071][ T5345] do_syscall_64+0xec/0xf80 [ 85.954995][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.957598][ T5345] ? trace_irq_disable+0x37/0x100 [ 85.959869][ T5345] ? clear_bhb_loop+0x60/0xb0 [ 85.962012][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.965077][ T5345] RIP: 0033:0x7fe323f8f7c9 [ 85.967627][ T5345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.976229][ T5345] RSP: 002b:00007fe324ecb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.980081][ T5345] RAX: ffffffffffffffda RBX: 00007fe3241e5fa0 RCX: 00007fe323f8f7c9 [ 85.983489][ T5345] RDX: 0000200000000080 RSI: 00000000c01064c4 RDI: 0000000000000004 [ 85.986577][ T5345] RBP: 00007fe324013f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.989827][ T5345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.993284][ T5345] R13: 00007fe3241e6038 R14: 00007fe3241e5fa0 R15: 00007fff35fb6d38 [ 85.997330][ T5345] [ 85.999731][ T5345] Kernel Offset: disabled [ 86.002992][ T5345] Rebooting in 86400 seconds..