program:
r0 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000000)={<r1=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r1], 0x0, 0x1}) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/timer\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000300)={0x2020}, 0x2020) (async)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)={0x54, r4, 0x10, 0xffffffff, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xe}}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0x54}}, 0x0) (async)
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x24, r4, 0x2, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x28, 0x6}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20044890)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r0, 0xc01064c1, &(0x7f0000000240)={r1, 0x1, <r6=>0xffffffffffffffff})
r7 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r7, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r8, {0x2, 0x0, @dev}, 0x2}}, 0x2e) (async)
r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)={0x1c, r9, 0x1, 0x70bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}}, 0x0) (async)
ioctl$SYNC_IOC_FILE_INFO(r6, 0xc0383e04, &(0x7f0000000140)={""/32, 0x0, 0x0, 0x0, 0x700, 0x0})

[   68.106349][ T4666] Bluetooth: hci0: command tx timeout
[   68.144427][ T5320] ------------[ cut here ]------------
[   68.146668][ T5320] WARNING: CPU: 0 PID: 5320 at mm/page_alloc.c:4729 __alloc_pages_noprof+0x3c5/0x710
[   68.150084][ T5320] Modules linked in:
[   68.153816][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-02526-gc4b9570cfb63 #0
[   68.161845][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.165744][ T5320] RIP: 0010:__alloc_pages_noprof+0x3c5/0x710
[   68.168269][ T5320] Code: ff df 0f 85 09 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cd 41 89 cd e9 f9 00 00 00 c6 05 08 ac 0c 0e 01 90 <0f> 0b 90 41 83 fc 0a 0f 86 13 fd ff ff 45 31 e4 48 c7 44 24 20 0e
[   68.175381][ T5320] RSP: 0018:ffffc9000d37f900 EFLAGS: 00010246
[   68.177937][ T5320] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[   68.180758][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d37f988
[   68.183587][ T5320] RBP: ffffc9000d37fa18 R08: ffffc9000d37f987 R09: 0000000000000000
[   68.186500][ T5320] R10: ffffc9000d37f960 R11: fffff52001a6ff31 R12: 0000000000000013
[   68.189284][ T5320] R13: 0000000000040cc0 R14: 1ffff92001a6ff28 R15: 1ffff92001a6ff24
[   68.192121][ T5320] FS:  00007fc5fb33c6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.195332][ T5320] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.197741][ T5320] CR2: 00007fc5fb319fb8 CR3: 0000000033a08000 CR4: 0000000000352ef0
[   68.200704][ T5320] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.203499][ T5320] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.206416][ T5320] Call Trace:
[   68.207568][ T5320]  <TASK>
[   68.208587][ T5320]  ? __warn+0x165/0x4d0
[   68.210047][ T5320]  ? __alloc_pages_noprof+0x3c5/0x710
[   68.211938][ T5320]  ? report_bug+0x2b3/0x500
[   68.213578][ T5320]  ? __alloc_pages_noprof+0x3c5/0x710
[   68.215433][ T5320]  ? handle_bug+0x60/0x90
[   68.217090][ T5320]  ? exc_invalid_op+0x1a/0x50
[   68.218804][ T5320]  ? asm_exc_invalid_op+0x1a/0x20
[   68.220724][ T5320]  ? __alloc_pages_noprof+0x3c5/0x710
[   68.222609][ T5320]  ? kasan_save_track+0x51/0x80
[   68.224266][ T5320]  ? __pfx___alloc_pages_noprof+0x10/0x10
[   68.226419][ T5320]  ? __lock_acquire+0x1397/0x2100
[   68.228185][ T5320]  ___kmalloc_large_node+0x8b/0x1d0
[   68.230168][ T5320]  __kmalloc_large_node_noprof+0x1a/0x80
[   68.232075][ T5320]  __kmalloc_noprof+0x339/0x4c0
[   68.233780][ T5320]  ? drm_syncobj_array_find+0x3a/0x460
[   68.235800][ T5320]  drm_syncobj_array_find+0x3a/0x460
[   68.237744][ T5320]  drm_syncobj_timeline_signal_ioctl+0x1f2/0x880
[   68.239995][ T5320]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.242309][ T5320]  ? drm_dev_enter+0x48/0x160
[   68.243936][ T5320]  drm_ioctl_kernel+0x337/0x440
[   68.245718][ T5320]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.247909][ T5320]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   68.249736][ T5320]  ? __might_fault+0xaa/0x120
[   68.251415][ T5320]  drm_ioctl+0x60e/0xad0
[   68.252887][ T5320]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.255275][ T5320]  ? __pfx_drm_ioctl+0x10/0x10
[   68.257047][ T5320]  ? __fget_files+0x2a/0x410
[   68.258653][ T5320]  ? __pfx_drm_ioctl+0x10/0x10
[   68.260208][ T5320]  __se_sys_ioctl+0xf5/0x170
[   68.261735][ T5320]  do_syscall_64+0xf3/0x230
[   68.263401][ T5320]  ? clear_bhb_loop+0x35/0x90
[   68.265476][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.267858][ T5320] RIP: 0033:0x7fc5fa585d29
[   68.269503][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.276977][ T5320] RSP: 002b:00007fc5fb33c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.280593][ T5320] RAX: ffffffffffffffda RBX: 00007fc5fa775fa0 RCX: 00007fc5fa585d29
[   68.283415][ T5320] RDX: 0000000020000180 RSI: 00000000c01864cd RDI: 0000000000000003
[   68.286311][ T5320] RBP: 00007fc5fa601b08 R08: 0000000000000000 R09: 0000000000000000
[   68.289125][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.291843][ T5320] R13: 0000000000000000 R14: 00007fc5fa775fa0 R15: 00007ffe36cde178
[   68.294623][ T5320]  </TASK>
[   68.295728][ T5320] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.298367][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-02526-gc4b9570cfb63 #0
[   68.301910][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.305657][ T5320] Call Trace:
[   68.306852][ T5320]  <TASK>
[   68.307934][ T5320]  dump_stack_lvl+0x241/0x360
[   68.309567][ T5320]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.311393][ T5320]  ? __pfx__printk+0x10/0x10
[   68.312974][ T5320]  ? _printk+0xd5/0x120
[   68.314543][ T5320]  ? __init_begin+0x41000/0x41000
[   68.316302][ T5320]  ? vscnprintf+0x5d/0x90
[   68.317844][ T5320]  panic+0x349/0x880
[   68.319294][ T5320]  ? __warn+0x174/0x4d0
[   68.320747][ T5320]  ? __pfx_panic+0x10/0x10
[   68.322389][ T5320]  __warn+0x344/0x4d0
[   68.323715][ T5320]  ? __alloc_pages_noprof+0x3c5/0x710
[   68.325463][ T5320]  report_bug+0x2b3/0x500
[   68.326946][ T5320]  ? __alloc_pages_noprof+0x3c5/0x710
[   68.328713][ T5320]  handle_bug+0x60/0x90
[   68.330095][ T5320]  exc_invalid_op+0x1a/0x50
[   68.331637][ T5320]  asm_exc_invalid_op+0x1a/0x20
[   68.333253][ T5320] RIP: 0010:__alloc_pages_noprof+0x3c5/0x710
[   68.335267][ T5320] Code: ff df 0f 85 09 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cd 41 89 cd e9 f9 00 00 00 c6 05 08 ac 0c 0e 01 90 <0f> 0b 90 41 83 fc 0a 0f 86 13 fd ff ff 45 31 e4 48 c7 44 24 20 0e
[   68.341323][ T5320] RSP: 0018:ffffc9000d37f900 EFLAGS: 00010246
[   68.343311][ T5320] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[   68.346001][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d37f988
[   68.348545][ T5320] RBP: ffffc9000d37fa18 R08: ffffc9000d37f987 R09: 0000000000000000
[   68.351249][ T5320] R10: ffffc9000d37f960 R11: fffff52001a6ff31 R12: 0000000000000013
[   68.354059][ T5320] R13: 0000000000040cc0 R14: 1ffff92001a6ff28 R15: 1ffff92001a6ff24
[   68.356916][ T5320]  ? kasan_save_track+0x51/0x80
[   68.359032][ T5320]  ? __pfx___alloc_pages_noprof+0x10/0x10
[   68.361310][ T5320]  ? __lock_acquire+0x1397/0x2100
[   68.363096][ T5320]  ___kmalloc_large_node+0x8b/0x1d0
[   68.365018][ T5320]  __kmalloc_large_node_noprof+0x1a/0x80
[   68.367038][ T5320]  __kmalloc_noprof+0x339/0x4c0
[   68.368790][ T5320]  ? drm_syncobj_array_find+0x3a/0x460
[   68.370889][ T5320]  drm_syncobj_array_find+0x3a/0x460
[   68.372968][ T5320]  drm_syncobj_timeline_signal_ioctl+0x1f2/0x880
[   68.375515][ T5320]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.378194][ T5320]  ? drm_dev_enter+0x48/0x160
[   68.380134][ T5320]  drm_ioctl_kernel+0x337/0x440
[   68.382306][ T5320]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.385343][ T5320]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   68.387600][ T5320]  ? __might_fault+0xaa/0x120
[   68.389232][ T5320]  drm_ioctl+0x60e/0xad0
[   68.390709][ T5320]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.393079][ T5320]  ? __pfx_drm_ioctl+0x10/0x10
[   68.394893][ T5320]  ? __fget_files+0x2a/0x410
[   68.396600][ T5320]  ? __pfx_drm_ioctl+0x10/0x10
[   68.398318][ T5320]  __se_sys_ioctl+0xf5/0x170
[   68.400041][ T5320]  do_syscall_64+0xf3/0x230
[   68.401647][ T5320]  ? clear_bhb_loop+0x35/0x90
[   68.403343][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.405594][ T5320] RIP: 0033:0x7fc5fa585d29
[   68.407203][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.413979][ T5320] RSP: 002b:00007fc5fb33c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.416998][ T5320] RAX: ffffffffffffffda RBX: 00007fc5fa775fa0 RCX: 00007fc5fa585d29
[   68.419866][ T5320] RDX: 0000000020000180 RSI: 00000000c01864cd RDI: 0000000000000003
[   68.422762][ T5320] RBP: 00007fc5fa601b08 R08: 0000000000000000 R09: 0000000000000000
[   68.425590][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.428376][ T5320] R13: 0000000000000000 R14: 00007fc5fa775fa0 R15: 00007ffe36cde178
[   68.431499][ T5320]  </TASK>
[   68.433010][ T5320] Kernel Offset: disabled
[   68.434696][ T5320] Rebooting in 86400 seconds..