program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000010900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000002c0004802800018008000100666962001c00028008000140000000110800034000000005080002400000000114000000110001"], 0xdc}}, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000002080)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000020c0)={0x28, r3, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) (async)
personality(0x400000) (async)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x32, 0x0, 0x0) (async)
listen(r1, 0x3) (async)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) (async)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x40010001, 0x2, 0xa, 0x1d, "9e959f16b6787b08aa26e66c4056a51695284854c382ec6bcfeef4fb0efcc1d8a6078ed98e203fd5f0643902dd8f6fac274de9d940bba5e51e92bbd4ce85450d", "f625c1076e4c36c800def96015e0fb7e904d865c2fdc458ec58d347f41be5a08", [0x4, 0x7]}) (async)
r5 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, &(0x7f0000000000)={<r6=>0x0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r5, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080), &(0x7f0000000140)=[0x80], 0x9ee79f02e7dab1cb})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r5, 0xc03064ca, &(0x7f00000000c0)={&(0x7f0000000040)=[r6], &(0x7f0000000100)=[0xd], 0xfffffffffffeffff, 0x1, 0xb})
syz_emit_ethernet(0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000080045000028006500000006907864010101ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="283631567532d6778a14afb6432406ed978d9f28d938f532bb09ca85dfa5d4ee06585348f07e61efdfacf8f882400f5d9b4d45c2b41a92c58f4eae317d72bc70e18ccae73cdc4705c96aec779b3d4d91a8748e39525c37fa1dc2e330a597fcdcadc60cdb5b2ce44859eabf1a63ca83083ed97aef5878563291086842dcf208e4fd79b8918f170a95b9ebe3b7ab6358b71b72c80cd09baccfc483d5cf2bfc96abf176788c6f609c2fa3c2bc1ea824505eeaf61f8909adb107a5e58f3a9abd03fd2fadb5f316878315295b77c0f3851ccfd9b96b4cd63975dbd560f66784a201bac9791aefeba83af6895954e2f91bfabb2cfd8b6042c63607b61fe335747ea5"], 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x4, <r9=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x1, 0x0})
syz_emit_ethernet(0x193, &(0x7f0000000600)=ANY=[@ANYBLOB="aa07000000000000000012000800440001850068000002029078e0000002ac14140e94040000890b6664010102000000004414fe03ac1414bb00007fffac14141700000ae2940df45d2673275240e32be11c442c9933ac1414bb00000005ac1414bb000000046401010200000479ac14141100007fff640101000000007f070bf6e0000001ac1414aa0144542d4364010101ffffffffffffffff0000000900000000000000067f000001000000057f000001000008000000000000000002ac1e000100000005ffffffff00000c31ac1414bb00000007ac1414aa00000009150390780a010101e1efba66228dd40487e1af3e2ef736881ffe6075c755ae2bb06139a16e9a507f070cde0d84473190c180e96c3b582a049efec6b1ecb4aca29e677bdeedb94a2d5cdd73f5960e6d36d2f1b5c80ccd6e519b45261f28c35246330cfcbf3105ae6ff7d9aed83be119a34ad3083a1fc6d37c8f22d28442c11a0088bb4c8e4293619dbb9e0bec31338d77efb0c64e88957ccb81683912782c68ff35adfb3bc96488b6f2fff645d8b9a1cbd9e2140000"], 0x0) (async)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000200)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) (async)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) (async)
r12 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffffe, 0x4002011, r12, 0x40000) (async)
fallocate(r12, 0x0, 0x0, 0x1000f4)

[   68.661945][ T5339] Bluetooth: hci0: command tx timeout
[   68.697163][ T5359] Zero length message leads to an empty skb
[   68.722312][ T5361] ------------[ cut here ]------------
[   68.724606][ T5361] WARNING: CPU: 0 PID: 5361 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370
[   68.729416][ T5361] Modules linked in:
[   68.731160][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   68.734824][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.739527][ T5361] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   68.742288][ T5361] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 14 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   68.750375][ T5361] RSP: 0018:ffffc9000d53f940 EFLAGS: 00010246
[   68.752932][ T5361] RAX: ffffc9000d53f900 RBX: 0000000000000016 RCX: 0000000000000000
[   68.756399][ T5361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d53f9a8
[   68.760133][ T5361] RBP: ffffc9000d53fa40 R08: ffffc9000d53f9a7 R09: 0000000000000000
[   68.763482][ T5361] R10: ffffc9000d53f980 R11: fffff52001aa7f35 R12: 0000000000000000
[   68.767082][ T5361] R13: 1ffff92001aa7f2c R14: 0000000000040cc0 R15: dffffc0000000000
[   68.770464][ T5361] FS:  00007f80f8ff56c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
[   68.774157][ T5361] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.777177][ T5361] CR2: 00007f80f8ff4fc8 CR3: 0000000044119000 CR4: 0000000000352ef0
[   68.780434][ T5361] Call Trace:
[   68.781892][ T5361]  <TASK>
[   68.783187][ T5361]  ? kasan_save_track+0x3e/0x80
[   68.785457][ T5361]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   68.788191][ T5361]  ? security_file_ioctl+0xcb/0x2d0
[   68.790383][ T5361]  ? policy_nodemask+0x27c/0x720
[   68.792520][ T5361]  alloc_pages_mpol+0x232/0x4a0
[   68.794603][ T5361]  ___kmalloc_large_node+0x5f/0x1b0
[   68.796923][ T5361]  __kmalloc_large_node_noprof+0x18/0x90
[   68.799304][ T5361]  __kmalloc_noprof+0x36f/0x4f0
[   68.801384][ T5361]  ? drm_syncobj_array_find+0x3a/0x450
[   68.803792][ T5361]  drm_syncobj_array_find+0x3a/0x450
[   68.806148][ T5361]  drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0
[   68.808922][ T5361]  ? drm_dev_exit+0x3a/0x60
[   68.810907][ T5361]  drm_ioctl_kernel+0x2cf/0x390
[   68.813085][ T5361]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.816021][ T5361]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   68.818077][ T5361]  drm_ioctl+0x67f/0xb10
[   68.819894][ T5361]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.822601][ T5361]  ? __pfx_drm_ioctl+0x10/0x10
[   68.824629][ T5361]  ? __fget_files+0x2a/0x420
[   68.826758][ T5361]  ? bpf_lsm_file_ioctl+0x9/0x20
[   68.828857][ T5361]  ? __pfx_drm_ioctl+0x10/0x10
[   68.830759][ T5361]  __se_sys_ioctl+0xfc/0x170
[   68.832836][ T5361]  do_syscall_64+0xfa/0x3b0
[   68.834814][ T5361]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.837113][ T5361]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.839701][ T5361]  ? clear_bhb_loop+0x60/0xb0
[   68.841731][ T5361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.844167][ T5361] RIP: 0033:0x7f80fcb8eec9
[   68.846220][ T5361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.854479][ T5361] RSP: 002b:00007f80f8ff5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.857941][ T5361] RAX: ffffffffffffffda RBX: 00007f80fcde6180 RCX: 00007f80fcb8eec9
[   68.861562][ T5361] RDX: 0000200000000180 RSI: 00000000c01864cd RDI: 0000000000000006
[   68.864900][ T5361] RBP: 00007f80fcc11f91 R08: 0000000000000000 R09: 0000000000000000
[   68.868390][ T5361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.871698][ T5361] R13: 00007f80fcde6218 R14: 00007f80fcde6180 R15: 00007ffc0b848cf8
[   68.875049][ T5361]  </TASK>
[   68.876372][ T5361] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.879321][ T5361] CPU: 0 UID: 0 PID: 5361 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   68.883196][ T5361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.888217][ T5361] Call Trace:
[   68.889588][ T5361]  <TASK>
[   68.890843][ T5361]  dump_stack_lvl+0x99/0x250
[   68.892717][ T5361]  ? __asan_memcpy+0x40/0x70
[   68.894668][ T5361]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.896804][ T5361]  ? __pfx__printk+0x10/0x10
[   68.898741][ T5361]  vpanic+0x281/0x750
[   68.900462][ T5361]  ? __pfx__printk+0x10/0x10
[   68.902388][ T5361]  ? __pfx_vpanic+0x10/0x10
[   68.904378][ T5361]  ? is_bpf_text_address+0x26/0x2b0
[   68.906627][ T5361]  panic+0xb9/0xc0
[   68.908450][ T5361]  ? __pfx_panic+0x10/0x10
[   68.910334][ T5361]  __warn+0x31b/0x4b0
[   68.912069][ T5361]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   68.914584][ T5361]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   68.917177][ T5361]  report_bug+0x2be/0x4f0
[   68.919048][ T5361]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   68.921544][ T5361]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   68.924055][ T5361]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   68.926441][ T5361]  handle_bug+0x84/0x160
[   68.928242][ T5361]  exc_invalid_op+0x1a/0x50
[   68.930102][ T5361]  asm_exc_invalid_op+0x1a/0x20
[   68.932154][ T5361] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   68.934940][ T5361] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 14 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   68.942940][ T5361] RSP: 0018:ffffc9000d53f940 EFLAGS: 00010246
[   68.945502][ T5361] RAX: ffffc9000d53f900 RBX: 0000000000000016 RCX: 0000000000000000
[   68.948804][ T5361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d53f9a8
[   68.952144][ T5361] RBP: ffffc9000d53fa40 R08: ffffc9000d53f9a7 R09: 0000000000000000
[   68.955474][ T5361] R10: ffffc9000d53f980 R11: fffff52001aa7f35 R12: 0000000000000000
[   68.959085][ T5361] R13: 1ffff92001aa7f2c R14: 0000000000040cc0 R15: dffffc0000000000
[   68.962582][ T5361]  ? kasan_save_track+0x3e/0x80
[   68.964801][ T5361]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   68.968270][ T5361]  ? security_file_ioctl+0xcb/0x2d0
[   68.970507][ T5361]  ? policy_nodemask+0x27c/0x720
[   68.972824][ T5361]  alloc_pages_mpol+0x232/0x4a0
[   68.975039][ T5361]  ___kmalloc_large_node+0x5f/0x1b0
[   68.977344][ T5361]  __kmalloc_large_node_noprof+0x18/0x90
[   68.979834][ T5361]  __kmalloc_noprof+0x36f/0x4f0
[   68.981961][ T5361]  ? drm_syncobj_array_find+0x3a/0x450
[   68.984361][ T5361]  drm_syncobj_array_find+0x3a/0x450
[   68.986596][ T5361]  drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0
[   68.989375][ T5361]  ? drm_dev_exit+0x3a/0x60
[   68.991464][ T5361]  drm_ioctl_kernel+0x2cf/0x390
[   68.993587][ T5361]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   68.996670][ T5361]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   68.998983][ T5361]  drm_ioctl+0x67f/0xb10
[   69.000726][ T5361]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   69.003562][ T5361]  ? __pfx_drm_ioctl+0x10/0x10
[   69.005736][ T5361]  ? __fget_files+0x2a/0x420
[   69.007858][ T5361]  ? bpf_lsm_file_ioctl+0x9/0x20
[   69.010001][ T5361]  ? __pfx_drm_ioctl+0x10/0x10
[   69.012001][ T5361]  __se_sys_ioctl+0xfc/0x170
[   69.013838][ T5361]  do_syscall_64+0xfa/0x3b0
[   69.015782][ T5361]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.018024][ T5361]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.020715][ T5361]  ? clear_bhb_loop+0x60/0xb0
[   69.022566][ T5361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.025120][ T5361] RIP: 0033:0x7f80fcb8eec9
[   69.027032][ T5361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.035041][ T5361] RSP: 002b:00007f80f8ff5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   69.039168][ T5361] RAX: ffffffffffffffda RBX: 00007f80fcde6180 RCX: 00007f80fcb8eec9
[   69.042902][ T5361] RDX: 0000200000000180 RSI: 00000000c01864cd RDI: 0000000000000006
[   69.046000][ T5361] RBP: 00007f80fcc11f91 R08: 0000000000000000 R09: 0000000000000000
[   69.049313][ T5361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.052714][ T5361] R13: 00007f80fcde6218 R14: 00007f80fcde6180 R15: 00007ffc0b848cf8
[   69.056181][ T5361]  </TASK>
[   69.057852][ T5361] Kernel Offset: disabled
[   69.059618][ T5361] Rebooting in 86400 seconds..