program:
r0 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaab2aa1c0000000000029078e00000017f0000011100947800000000"], 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x8, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000000)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r3, r3], &(0x7f0000000140)=[0x80], 0x2})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r2, 0xc03064ca, &(0x7f00000000c0)={&(0x7f00000001c0), &(0x7f0000000200)=[0xd, 0x0], 0x93, 0x3ffffffffffffedd, 0x2})
sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r4 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000106104724e0000000000010902240001000020000904000001030003100921000000012207000905810300040049902958bff78b955b5000"], 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f00000003c0)=0x47bc, 0x4)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r5, 0x1, 0x29, &(0x7f0000003500)=0x4, 0x4)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r5, &(0x7f0000005100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x45833af92e4b39ff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000009b2aff0a353d864f7f159f92086a0000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x7, &(0x7f0000000680)=ANY=[@ANYBLOB="95000000000000000000001844000001000000000000000000c1215d0d0000000000008510000002000000678f1779cf41add00213e2fe8794bbd6e61d453229f1aba8fe8d87a164fe0707710658cdb4ec41f852b5b4a57e4b06f682be1450300cbbeeb5f2e553d1a6375483059dae64718708b926aa203ed488b2ad83918931cac5d1e991005cee5ab77a6a482d9a23d08a1276f2a6f194e995dfc4146a8f880822447870ed337c1f32b6f9be980948a1e031eacb882ee87a4990be495910d01784a02570c71db6a674fbe126483d9a9336e3189444373a6775cb974c90199e5fc768dd7af745a2ea486bf9e32137b95f0b1e5140223d945806867d0c63925e1d2e3c5e09ad06ea48dd9cbc1cec0a221b35dc53979fc55c1b681e261fb098a7586de8584942707377802a4f43030e9931fef69deeda47bc3cdb0a5b66bc747f79747b92270caf0b13eb2efe08bfc1f55a07cb0f75a4f3385d16ea04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r9=>0x0})
setsockopt$inet6_mreq(r8, 0x29, 0x1b, &(0x7f00000000c0)={@remote, r9}, 0x14)
sendmmsg$inet6(r7, &(0x7f0000000500)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000001f40)=[@pktinfo={{0x24, 0x29, 0x32, {@remote, r9}}}, @dstopts={{0x18, 0x29, 0x37, {0x3c}}}], 0x40}}], 0x1, 0x4000005)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f0000000280)={0x2c, &(0x7f0000000080)={0x0, 0x31, 0xf, {0xf, 0xa, "fd77751d69be80dcbe0d219ac9"}}, &(0x7f0000000000)=ANY=[@ANYBLOB="08030400000004030a44"], &(0x7f0000000180)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, 0x0, 0x0}, 0x0)

[   86.766946][ T4707] Bluetooth: hci0: command tx timeout
[   86.861634][ T5367] ------------[ cut here ]------------
[   86.864145][ T5367] WARNING: CPU: 0 PID: 5367 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370
[   86.868999][ T5367] Modules linked in:
[   86.870651][ T5367] CPU: 0 UID: 0 PID: 5367 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.875091][ T5367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.879687][ T5367] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   86.882430][ T5367] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 13 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   86.891156][ T5367] RSP: 0018:ffffc9000d46f8e0 EFLAGS: 00010246
[   86.893751][ T5367] RAX: ffffc9000d46f900 RBX: 0000000000000016 RCX: 0000000000000000
[   86.897172][ T5367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d46f948
[   86.900895][ T5367] RBP: ffffc9000d46f9c8 R08: ffffc9000d46f947 R09: 0000000000000000
[   86.904010][ T5367] R10: ffffc9000d46f920 R11: fffff52001a8df29 R12: 0000000000000000
[   86.907049][ T5367] R13: 1ffff92001a8df20 R14: 0000000000040cc0 R15: dffffc0000000000
[   86.910905][ T5367] FS:  00007f8c62e1c6c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
[   86.915270][ T5367] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.918476][ T5367] CR2: 00007f8c61f729e0 CR3: 0000000043fdf000 CR4: 0000000000352ef0
[   86.921665][ T5367] Call Trace:
[   86.923120][ T5367]  <TASK>
[   86.924403][ T5367]  ? stack_depot_save_flags+0x40/0x860
[   86.926777][ T5367]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   86.930392][ T5367]  ? kasan_save_track+0x4f/0x80
[   86.932634][ T5367]  ? kasan_save_track+0x3e/0x80
[   86.934754][ T5367]  ? policy_nodemask+0x27c/0x720
[   86.937022][ T5367]  ? do_syscall_64+0xfa/0x3b0
[   86.939654][ T5367]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.942488][ T5367]  alloc_pages_mpol+0x232/0x4a0
[   86.944802][ T5367]  ___kmalloc_large_node+0x5f/0x1b0
[   86.947206][ T5367]  __kmalloc_large_node_noprof+0x18/0x90
[   86.949756][ T5367]  __kmalloc_noprof+0x36f/0x4f0
[   86.951972][ T5367]  ? drm_syncobj_array_find+0x3a/0x450
[   86.954398][ T5367]  drm_syncobj_array_find+0x3a/0x450
[   86.956804][ T5367]  drm_syncobj_timeline_wait_ioctl+0x1b7/0x560
[   86.959718][ T5367]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   86.962696][ T5367]  drm_ioctl_kernel+0x2cf/0x390
[   86.964962][ T5367]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   86.967887][ T5367]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   86.970365][ T5367]  drm_ioctl+0x67f/0xb10
[   86.972302][ T5367]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   86.975181][ T5367]  ? __pfx_drm_ioctl+0x10/0x10
[   86.977316][ T5367]  ? __fget_files+0x2a/0x420
[   86.979649][ T5367]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.981840][ T5367]  ? __pfx_drm_ioctl+0x10/0x10
[   86.983981][ T5367]  __se_sys_ioctl+0xfc/0x170
[   86.986035][ T5367]  do_syscall_64+0xfa/0x3b0
[   86.988240][ T5367]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.990314][ T5367]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.992810][ T5367]  ? clear_bhb_loop+0x60/0xb0
[   86.994712][ T5367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.997092][ T5367] RIP: 0033:0x7f8c61f8ec29
[   86.999451][ T5367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.007505][ T5367] RSP: 002b:00007f8c62e1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   87.011627][ T5367] RAX: ffffffffffffffda RBX: 00007f8c621d5fa0 RCX: 00007f8c61f8ec29
[   87.015112][ T5367] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 0000000000000005
[   87.018965][ T5367] RBP: 00007f8c62011e41 R08: 0000000000000000 R09: 0000000000000000
[   87.022474][ T5367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.025970][ T5367] R13: 00007f8c621d6038 R14: 00007f8c621d5fa0 R15: 00007ffdc2a01a18
[   87.029665][ T5367]  </TASK>
[   87.031091][ T5367] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   87.034288][ T5367] CPU: 0 UID: 0 PID: 5367 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.038225][ T5367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.042834][ T5367] Call Trace:
[   87.044354][ T5367]  <TASK>
[   87.045668][ T5367]  dump_stack_lvl+0x99/0x250
[   87.047745][ T5367]  ? __asan_memcpy+0x40/0x70
[   87.049791][ T5367]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.052126][ T5367]  ? __pfx__printk+0x10/0x10
[   87.054247][ T5367]  vpanic+0x281/0x750
[   87.056091][ T5367]  ? __pfx__printk+0x10/0x10
[   87.058263][ T5367]  ? __pfx_vpanic+0x10/0x10
[   87.060298][ T5367]  ? is_bpf_text_address+0x26/0x2b0
[   87.062705][ T5367]  panic+0xb9/0xc0
[   87.064442][ T5367]  ? __pfx_panic+0x10/0x10
[   87.066488][ T5367]  __warn+0x31b/0x4b0
[   87.068369][ T5367]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.071013][ T5367]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.073629][ T5367]  report_bug+0x2be/0x4f0
[   87.075561][ T5367]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.078297][ T5367]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   87.080938][ T5367]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   87.083587][ T5367]  handle_bug+0x84/0x160
[   87.085407][ T5367]  exc_invalid_op+0x1a/0x50
[   87.087504][ T5367]  asm_exc_invalid_op+0x1a/0x20
[   87.089717][ T5367] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   87.092704][ T5367] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 13 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   87.101106][ T5367] RSP: 0018:ffffc9000d46f8e0 EFLAGS: 00010246
[   87.103807][ T5367] RAX: ffffc9000d46f900 RBX: 0000000000000016 RCX: 0000000000000000
[   87.107371][ T5367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d46f948
[   87.110913][ T5367] RBP: ffffc9000d46f9c8 R08: ffffc9000d46f947 R09: 0000000000000000
[   87.114447][ T5367] R10: ffffc9000d46f920 R11: fffff52001a8df29 R12: 0000000000000000
[   87.118115][ T5367] R13: 1ffff92001a8df20 R14: 0000000000040cc0 R15: dffffc0000000000
[   87.121707][ T5367]  ? stack_depot_save_flags+0x40/0x860
[   87.124190][ T5367]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   87.127052][ T5367]  ? kasan_save_track+0x4f/0x80
[   87.129265][ T5367]  ? kasan_save_track+0x3e/0x80
[   87.131359][ T5367]  ? policy_nodemask+0x27c/0x720
[   87.133508][ T5367]  ? do_syscall_64+0xfa/0x3b0
[   87.135469][ T5367]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.138184][ T5367]  alloc_pages_mpol+0x232/0x4a0
[   87.140423][ T5367]  ___kmalloc_large_node+0x5f/0x1b0
[   87.142776][ T5367]  __kmalloc_large_node_noprof+0x18/0x90
[   87.145278][ T5367]  __kmalloc_noprof+0x36f/0x4f0
[   87.147517][ T5367]  ? drm_syncobj_array_find+0x3a/0x450
[   87.149977][ T5367]  drm_syncobj_array_find+0x3a/0x450
[   87.152367][ T5367]  drm_syncobj_timeline_wait_ioctl+0x1b7/0x560
[   87.155152][ T5367]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   87.158181][ T5367]  drm_ioctl_kernel+0x2cf/0x390
[   87.160405][ T5367]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   87.163398][ T5367]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   87.165830][ T5367]  drm_ioctl+0x67f/0xb10
[   87.167802][ T5367]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   87.170734][ T5367]  ? __pfx_drm_ioctl+0x10/0x10
[   87.172805][ T5367]  ? __fget_files+0x2a/0x420
[   87.174798][ T5367]  ? bpf_lsm_file_ioctl+0x9/0x20
[   87.176824][ T5367]  ? __pfx_drm_ioctl+0x10/0x10
[   87.178779][ T5367]  __se_sys_ioctl+0xfc/0x170
[   87.180686][ T5367]  do_syscall_64+0xfa/0x3b0
[   87.182492][ T5367]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.184566][ T5367]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.187029][ T5367]  ? clear_bhb_loop+0x60/0xb0
[   87.188956][ T5367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.191409][ T5367] RIP: 0033:0x7f8c61f8ec29
[   87.193299][ T5367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.201298][ T5367] RSP: 002b:00007f8c62e1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   87.204863][ T5367] RAX: ffffffffffffffda RBX: 00007f8c621d5fa0 RCX: 00007f8c61f8ec29
[   87.208307][ T5367] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 0000000000000005
[   87.211813][ T5367] RBP: 00007f8c62011e41 R08: 0000000000000000 R09: 0000000000000000
[   87.215409][ T5367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.218868][ T5367] R13: 00007f8c621d6038 R14: 00007f8c621d5fa0 R15: 00007ffdc2a01a18
[   87.222450][ T5367]  </TASK>
[   87.224163][ T5367] Kernel Offset: disabled
[   87.226054][ T5367] Rebooting in 86400 seconds..