program:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r8)
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0xdb, 0x9d, 0x1b, 0x8, 0x12d1, 0xfae2, 0x708b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x4, 0x1a}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r8, 0xc0085504, &(0x7f0000000400))
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
socket(0x10, 0x803, 0x0)

[   86.304766][ T5321] Bluetooth: hci0: command tx timeout
[   86.362488][ T5344] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'.
[   86.405451][ T5344] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'.
[   86.414568][ T5344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'.
[   86.494304][   T10] cfg80211: failed to load regulatory.db
[   86.894039][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   87.044118][   T10] usb 5-1: Using ep0 maxpacket: 8
[   87.051247][   T10] usb 5-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[   87.055188][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.058653][   T10] usb 5-1: Product: syz
[   87.061209][   T10] usb 5-1: Manufacturer: syz
[   87.063256][   T10] usb 5-1: SerialNumber: syz
[   87.076401][   T10] usb 5-1: config 0 descriptor??
[   87.086960][   T10] option 5-1:0.0: GSM modem (1-port) converter detected
[   87.281337][ T5344] ------------[ cut here ]------------
[   87.283772][ T5344] WARNING: mm/page_alloc.c:5154 at __alloc_frozen_pages_noprof+0x2c8/0x370, CPU#0: syz.0.0/5344
[   87.291359][ T5344] Modules linked in:
[   87.292926][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.296814][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.301034][ T5344] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   87.303673][ T5344] Code: 74 10 4c 89 e7 89 54 24 0c e8 e4 a0 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 05 c9 4f 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   87.311783][ T5344] RSP: 0018:ffffc9000d4d7920 EFLAGS: 00010246
[   87.314560][ T5344] RAX: ffffc9000d4d7900 RBX: 0000000000000013 RCX: 0000000000000000
[   87.317897][ T5344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d4d7988
[   87.321174][ T5344] RBP: ffffc9000d4d7a18 R08: ffffc9000d4d7987 R09: 0000000000000000
[   87.324680][ T5344] R10: ffffc9000d4d7960 R11: fffff52001a9af31 R12: 0000000000000000
[   87.327991][ T5344] R13: 1ffff92001a9af28 R14: 0000000000040cc0 R15: dffffc0000000000
[   87.331384][ T5344] FS:  00007fcac535b6c0(0000) GS:ffff88808d6b5000(0000) knlGS:0000000000000000
[   87.335218][ T5344] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.337970][ T5344] CR2: 0000562d3dda0710 CR3: 0000000010fca000 CR4: 0000000000352ef0
[   87.341430][ T5344] Call Trace:
[   87.343029][ T5344]  <TASK>
[   87.344491][ T5344]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   87.347279][ T5344]  ? policy_nodemask+0x27c/0x720
[   87.349498][ T5344]  alloc_pages_mpol+0x232/0x4a0
[   87.351659][ T5344]  ___kmalloc_large_node+0x5f/0x1b0
[   87.354063][ T5344]  __kmalloc_large_node_noprof+0x18/0x90
[   87.356458][ T5344]  __kmalloc_noprof+0x4bd/0x7e0
[   87.358348][ T5344]  ? raw_ioctl+0x1962/0x3bc0
[   87.360343][ T5344]  raw_ioctl+0x1962/0x3bc0
[   87.362158][ T5344]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   87.365599][ T5344]  ? do_vfs_ioctl+0xbe8/0x1430
[   87.368455][ T5344]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   87.371351][ T5344]  ? __pfx_raw_ioctl+0x10/0x10
[   87.374295][ T5344]  ? do_futex+0x395/0x420
[   87.376070][ T5344]  ? __fget_files+0x2a/0x420
[   87.377970][ T5344]  ? __fget_files+0x3a0/0x420
[   87.379909][ T5344]  ? __fget_files+0x2a/0x420
[   87.381843][ T5344]  ? bpf_lsm_file_ioctl+0x9/0x20
[   87.384046][ T5344]  ? __pfx_raw_ioctl+0x10/0x10
[   87.386128][ T5344]  __se_sys_ioctl+0xfc/0x170
[   87.388069][ T5344]  do_syscall_64+0xfa/0xf80
[   87.390077][ T5344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.392366][ T5344]  ? clear_bhb_loop+0x60/0xb0
[   87.394292][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.396836][ T5344] RIP: 0033:0x7fcac458f7c9
[   87.398827][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.407323][ T5344] RSP: 002b:00007fcac535b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   87.410592][ T5344] RAX: ffffffffffffffda RBX: 00007fcac47e5fa0 RCX: 00007fcac458f7c9
[   87.413448][ T5344] RDX: 0000200000000400 RSI: 00000000c0085504 RDI: 000000000000000b
[   87.416658][ T5344] RBP: 00007fcac4613f91 R08: 0000000000000000 R09: 0000000000000000
[   87.420078][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.423200][ T5344] R13: 00007fcac47e6038 R14: 00007fcac47e5fa0 R15: 00007ffc4a710238
[   87.426857][ T5344]  </TASK>
[   87.428270][ T5344] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   87.431410][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.435261][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.440690][ T5344] Call Trace:
[   87.442174][ T5344]  <TASK>
[   87.443516][ T5344]  dump_stack_lvl+0x99/0x250
[   87.445400][ T5344]  ? __asan_memcpy+0x40/0x70
[   87.447251][ T5344]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.449382][ T5344]  ? __pfx__printk+0x10/0x10
[   87.451485][ T5344]  vpanic+0x237/0x6d0
[   87.453104][ T5344]  ? __pfx_vpanic+0x10/0x10
[   87.455047][ T5344]  ? is_bpf_text_address+0x292/0x2b0
[   87.457365][ T5344]  ? is_bpf_text_address+0x26/0x2b0
[   87.459672][ T5344]  panic+0xb9/0xc0
[   87.461397][ T5344]  ? __pfx_panic+0x10/0x10
[   87.463384][ T5344]  __warn+0x317/0x4b0
[   87.464987][ T5344]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.467375][ T5344]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.469751][ T5344]  __report_bug+0x288/0x500
[   87.471524][ T5344]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.473928][ T5344]  ? __pfx___report_bug+0x10/0x10
[   87.475925][ T5344]  ? is_bpf_text_address+0x292/0x2b0
[   87.478109][ T5344]  ? is_bpf_text_address+0x26/0x2b0
[   87.480439][ T5344]  ? kernel_text_address+0xa5/0xe0
[   87.482526][ T5344]  ? __kernel_text_address+0xd/0x40
[   87.484723][ T5344]  ? unwind_get_return_address+0x4d/0x90
[   87.486945][ T5344]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.489329][ T5344]  report_bug+0x16a/0x220
[   87.491083][ T5344]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.493668][ T5344]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   87.496005][ T5344]  handle_bug+0x98/0x200
[   87.497790][ T5344]  exc_invalid_op+0x1a/0x50
[   87.499659][ T5344]  asm_exc_invalid_op+0x1a/0x20
[   87.501802][ T5344] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   87.504485][ T5344] Code: 74 10 4c 89 e7 89 54 24 0c e8 e4 a0 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 05 c9 4f 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   87.512604][ T5344] RSP: 0018:ffffc9000d4d7920 EFLAGS: 00010246
[   87.515020][ T5344] RAX: ffffc9000d4d7900 RBX: 0000000000000013 RCX: 0000000000000000
[   87.518237][ T5344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d4d7988
[   87.521557][ T5344] RBP: ffffc9000d4d7a18 R08: ffffc9000d4d7987 R09: 0000000000000000
[   87.525461][ T5344] R10: ffffc9000d4d7960 R11: fffff52001a9af31 R12: 0000000000000000
[   87.529557][ T5344] R13: 1ffff92001a9af28 R14: 0000000000040cc0 R15: dffffc0000000000
[   87.533123][ T5344]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   87.535813][ T5344]  ? policy_nodemask+0x27c/0x720
[   87.537841][ T5344]  alloc_pages_mpol+0x232/0x4a0
[   87.540016][ T5344]  ___kmalloc_large_node+0x5f/0x1b0
[   87.542540][ T5344]  __kmalloc_large_node_noprof+0x18/0x90
[   87.544711][ T5344]  __kmalloc_noprof+0x4bd/0x7e0
[   87.546869][ T5344]  ? raw_ioctl+0x1962/0x3bc0
[   87.549021][ T5344]  raw_ioctl+0x1962/0x3bc0
[   87.551073][ T5344]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   87.553430][ T5344]  ? do_vfs_ioctl+0xbe8/0x1430
[   87.555279][ T5344]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   87.557337][ T5344]  ? __pfx_raw_ioctl+0x10/0x10
[   87.559124][ T5344]  ? do_futex+0x395/0x420
[   87.560731][ T5344]  ? __fget_files+0x2a/0x420
[   87.562490][ T5344]  ? __fget_files+0x3a0/0x420
[   87.564123][ T5344]  ? __fget_files+0x2a/0x420
[   87.565986][ T5344]  ? bpf_lsm_file_ioctl+0x9/0x20
[   87.568040][ T5344]  ? __pfx_raw_ioctl+0x10/0x10
[   87.569931][ T5344]  __se_sys_ioctl+0xfc/0x170
[   87.571742][ T5344]  do_syscall_64+0xfa/0xf80
[   87.573785][ T5344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.576539][ T5344]  ? clear_bhb_loop+0x60/0xb0
[   87.578641][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.581206][ T5344] RIP: 0033:0x7fcac458f7c9
[   87.583068][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.591334][ T5344] RSP: 002b:00007fcac535b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   87.594926][ T5344] RAX: ffffffffffffffda RBX: 00007fcac47e5fa0 RCX: 00007fcac458f7c9
[   87.598132][ T5344] RDX: 0000200000000400 RSI: 00000000c0085504 RDI: 000000000000000b
[   87.601451][ T5344] RBP: 00007fcac4613f91 R08: 0000000000000000 R09: 0000000000000000
[   87.604737][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.608171][ T5344] R13: 00007fcac47e6038 R14: 00007fcac47e5fa0 R15: 00007ffc4a710238
[   87.611602][ T5344]  </TASK>
[   87.613950][ T5344] Kernel Offset: disabled
[   87.615742][ T5344] Rebooting in 86400 seconds..