program:
# syzkaller reproducer as captured in the report, followed by the guest console log.
# The calls are fuzzer-generated and mostly independent of each other. Judging by the
# trace in the log (drm_ioctl -> drm_syncobj_timeline_signal_ioctl ->
# drm_syncobj_array_find -> __kmalloc_noprof, with RSI=0xc01864cd), only the
# DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL call is on the warning path; the netlink, ipset and
# conntrack traffic looks like unrelated fuzzing noise -- confirm with a minimized program.

# Two NETLINK_NETFILTER sockets (family 0x10, type 0x3, protocol 0xc).
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
# ipset create sent as a raw blob; the bytes contain the ASCII strings "syz2" and "hash:ip".
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="6000000002060500000000000000000000000000140007800800064000000000080013400000000005000100060000000900020073797a32000000000500040000000000050005000a00000011000300686173683a6970"], 0x60}}, 0x0)
# Structured ipset create for set 'syz1' of type 'hash:ip,mark'. Several attributes are
# repeated with different values (LINENO, PORT_TO, IP), as a fuzzer would mutate them.
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000600)={0xb8, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x74, 0x7, 0x0, 0x1, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x10000}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x4}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @loopback}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xa}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @rand_addr=' \x01\x00'}}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x3}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x7}]}]}, 0xb8}}, 0x0)
# r2 is the lower bound of the close_range() call further down.
r2 = socket(0x10, 0x800000003, 0x0)
r3 = socket$inet(0x2, 0x3, 0x2)
# Socket option 0x27 at level 0x0 with a multicast/local address pair.
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000100)={@multicast1, @local}, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
# Interface index lookup (request 0x8933) for 'syz_tun'.
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0})
# NOTE(review): r6 is referenced here but no assignment is visible in this capture.
# syzkaller marks output results as <rN=>, so the marker on the ifindex field of the
# SIOCGIFINDEX call above was probably dropped together with other angle-bracket text
# (the line after each "Call Trace:" in the log is blank too). Check the original
# report before relying on this copy.
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0)
# Closes every descriptor from r2 up to the maximum fd value; r3-r5 were opened after r2
# and presumably have higher numbers, so they are gone from here on.
close_range(r2, 0xffffffffffffffff, 0x0)
# Injects a 0x156-byte Ethernet frame given as an opaque blob.
syz_emit_ethernet(0x156, &(0x7f00000006c0)=ANY=[@ANYBLOB="ffffffffffff0180c200000308004a16014800640000e3069078ac1e0101e00000028927dfac1414317f0000016401010100000000ac1e01010a010102ac141442ac1e000100000000000144129290e563c62a2bf56bda7a9730e9d2b54412ec5a034165b3108b2e618b6d18e87a29440c66616401010200000002831316ac1e01010a0101010000000000000000072bb400000000ac1414aa64010102ac1414aaac1e0001000800007f0000010000000064010101e0000002443cf0c30000000000000007e0000002000000010000000000000005ac1e000100000fffe0000002000000060a01010200000400ffffffff0000000a000000000000000000000000000000000100004e2300004e200000000200000001000000000000000000000005000000ba00000008001cc080fffffff90000041f000000800000000400000003000008000000000500e4000800000004000000605fcb71dcdb4904b0954b0b4d83453457888dcca991f4efb29d24563597c30c9dc8e20ed6741afdc553ecc01110f0c8c51bd695a2366b6709fe71c4d600983c9847f0d4a103dde718b4ad90e78d16362bcc12a3c0572b04fb0409cd01501a0f190a60fb5b4201b5bae93c45f5ccf385eb1b37d339a1425c4fb7c9c78b4142669c22abb3ce25b688da9f696bb96fc8a13d2236eafe498e0b20843fa88295d051383df80f937787ec1e574a770ca8fcba30e4bc08c2b8761131c915ed6cfa2dc15b3a265c3c874fd2e0ded9417f7767b6a6252a55befe365f4866361cd08028a605790f2ffe18990b42826a010b8b0ec380ca9bc4262d9961b3c531cd637a82"], 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
# Opens a DRM device node; r8 is the descriptor used by the ioctl below.
r8 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
# This is the call that matches the trace in the log (ioctl request 0xc01864cd).
# The handles array holds a single element ([0x0]), but the last field is a fuzzer-chosen
# 64-bit value rather than a length matching it. Presumably part of it is consumed as the
# handle count and sizes the kmalloc() in drm_syncobj_array_find -- TODO confirm against
# the syzkaller struct description and the kernel uAPI header.
# Triage: the log reports a WARNING from the page allocator at mm/page_alloc.c:4727, not a
# memory-safety report; it becomes a panic only because panic_on_warn is set. R12=0x12 and
# the `41 83 fc 0a` compare after the trap in the Code bytes suggest an order-18 request
# checked against 10 -- hedged reading of the dump. The usual remedy for a user-sized
# allocation reaching the large-kmalloc path is to bound the count or to allocate so that
# an oversized request fails quietly; which applies must be checked in the driver source.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r8, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[0x0], 0x0, 0xaaaf1adf0c8e1397})
# Conntrack GET with inconsistent attribute lengths: 0xfffffd52 on CTA_TUPLE_ORIG and 0x0
# on the nested reply attributes, while the message length stays 0x38.
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x38, 0x1, 0x1, 0x301, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0xfffffd52, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @broadcast}}}]}, @CTA_TUPLE_REPLY={0x0, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x0, 0x1, 0x0, 0x1, @ipv6={{0x0, 0x3, @private2}, {0x0, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0x0, 0x2, 0x0, 0x1, {0x0, 0x1, 0x6}}, @CTA_TUPLE_IP={0x0, 0x1, 0x0, 0x1, @ipv6={{0x0, 0x3, @mcast1}, {0x0, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_IP={0x0, 0x1, 0x0, 0x1, @ipv4={{0x0, 0x1, @dev={0xac, 0x14, 0x14, 0x15}}, {0x0, 0x2, @private=0xa010101}}}, @CTA_TUPLE_ZONE={0x0, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x0, 0x1, 0x0, 0x1, @ipv6={{0x0, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x0, 0x4, @remote}}}]}]}, 0x38}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
# ipset LIST request carrying only the protocol attribute.
sendmsg$IPSET_CMD_LIST(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
r10 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
# ifreq ioctl 0x8990 naming 'bond0' and 'rose0'.
ioctl$sock_ifreq(r10, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
# Further sockets whose results are not used by any later call.
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r11 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r11, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r12)
socket$inet6_mptcp(0xa, 0x1, 0x106)
# r12 was closed two calls earlier and another socket has been created since, so this
# bind acts on whatever now owns that descriptor number, if anything.
bind$inet6(r12, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
# Guest console log starts here and continues on the following lines of the page.
[ 69.789318][ T5299] Bluetooth: hci0: command tx timeout [ 69.911992][ T5315] ------------[ cut here ]------------ [ 69.914056][ T5315] WARNING: CPU: 0 PID: 5315 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x3c5/0x710 [ 69.917809][ T5315] Modules linked in: [ 69.919295][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00232-g4800575d8c0b #0 [ 69.923386][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.927541][ T5315] RIP: 0010:__alloc_pages_noprof+0x3c5/0x710 [ 69.929741][ T5315] Code: ff df 0f 85 09 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cd 41 89 cd e9 f9 00 00 00 c6 05 c6 bb 0b 0e 01 90 <0f> 0b 90 41 83 fc 0a 0f 86 13 fd ff ff 45 31 e4 48 c7 44 24 20 0e [ 69.936896][ T5315] RSP: 0018:ffffc9000d377900 EFLAGS: 00010246 [ 69.939207][ T5315] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 
0000000000000000 [ 69.942078][ T5315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d377988 [ 69.945041][ T5315] RBP: ffffc9000d377a18 R08: ffffc9000d377987 R09: 0000000000000000 [ 69.948092][ T5315] R10: ffffc9000d377960 R11: fffff52001a6ef31 R12: 0000000000000012 [ 69.950848][ T5315] R13: 0000000000040cc0 R14: 1ffff92001a6ef28 R15: 1ffff92001a6ef24 [ 69.953602][ T5315] FS: 00007f9ed5be16c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.956611][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.958926][ T5315] CR2: 00007f9ed4d69ae0 CR3: 0000000042862000 CR4: 0000000000352ef0 [ 69.962066][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.964917][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.967935][ T5315] Call Trace: [ 69.969172][ T5315] [ 69.970274][ T5315] ? __warn+0x165/0x4d0 [ 69.971727][ T5315] ? __alloc_pages_noprof+0x3c5/0x710 [ 69.973933][ T5315] ? report_bug+0x2b3/0x500 [ 69.975721][ T5315] ? __alloc_pages_noprof+0x3c5/0x710 [ 69.977692][ T5315] ? handle_bug+0x60/0x90 [ 69.979184][ T5315] ? exc_invalid_op+0x1a/0x50 [ 69.981004][ T5315] ? asm_exc_invalid_op+0x1a/0x20 [ 69.982901][ T5315] ? __alloc_pages_noprof+0x3c5/0x710 [ 69.984762][ T5315] ? kasan_save_track+0x51/0x80 [ 69.986422][ T5315] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 69.988551][ T5315] ? __lock_acquire+0x1397/0x2100 [ 69.990413][ T5315] ___kmalloc_large_node+0x8b/0x1d0 [ 69.992350][ T5315] __kmalloc_large_node_noprof+0x1a/0x80 [ 69.994355][ T5315] __kmalloc_noprof+0x339/0x4c0 [ 69.996089][ T5315] ? drm_syncobj_array_find+0x3a/0x460 [ 69.998298][ T5315] drm_syncobj_array_find+0x3a/0x460 [ 70.000336][ T5315] drm_syncobj_timeline_signal_ioctl+0x1f2/0x880 [ 70.002735][ T5315] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 70.005203][ T5315] ? drm_dev_enter+0x48/0x160 [ 70.007123][ T5315] drm_ioctl_kernel+0x337/0x440 [ 70.009189][ T5315] ? 
__pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 70.011760][ T5315] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 70.013741][ T5315] ? __might_fault+0xc6/0x120 [ 70.015414][ T5315] drm_ioctl+0x60e/0xad0 [ 70.017007][ T5315] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 70.019526][ T5315] ? __pfx_drm_ioctl+0x10/0x10 [ 70.021375][ T5315] ? __fget_files+0x2a/0x410 [ 70.023053][ T5315] ? __pfx_drm_ioctl+0x10/0x10 [ 70.024813][ T5315] __se_sys_ioctl+0xf5/0x170 [ 70.026708][ T5315] do_syscall_64+0xf3/0x230 [ 70.028416][ T5315] ? clear_bhb_loop+0x35/0x90 [ 70.030119][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.032306][ T5315] RIP: 0033:0x7f9ed4d85d19 [ 70.033819][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.040390][ T5315] RSP: 002b:00007f9ed5be1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.043304][ T5315] RAX: ffffffffffffffda RBX: 00007f9ed4f76080 RCX: 00007f9ed4d85d19 [ 70.046128][ T5315] RDX: 0000000020000180 RSI: 00000000c01864cd RDI: 0000000000000006 [ 70.049672][ T5315] RBP: 00007f9ed4e01a20 R08: 0000000000000000 R09: 0000000000000000 [ 70.052226][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.055076][ T5315] R13: 0000000000000000 R14: 00007f9ed4f76080 R15: 00007ffef42d4208 [ 70.058179][ T5315] [ 70.059432][ T5315] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 70.061854][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00232-g4800575d8c0b #0 [ 70.065559][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.069229][ T5315] Call Trace: [ 70.070392][ T5315] [ 70.071506][ T5315] dump_stack_lvl+0x241/0x360 [ 70.073340][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.075237][ T5315] ? __pfx__printk+0x10/0x10 [ 70.076894][ T5315] ? 
_printk+0xd5/0x120 [ 70.078441][ T5315] ? __init_begin+0x41000/0x41000 [ 70.080164][ T5315] ? vscnprintf+0x5d/0x90 [ 70.081837][ T5315] panic+0x349/0x880 [ 70.083111][ T5315] ? __warn+0x174/0x4d0 [ 70.084524][ T5315] ? __pfx_panic+0x10/0x10 [ 70.086138][ T5315] __warn+0x344/0x4d0 [ 70.087618][ T5315] ? __alloc_pages_noprof+0x3c5/0x710 [ 70.089559][ T5315] report_bug+0x2b3/0x500 [ 70.091099][ T5315] ? __alloc_pages_noprof+0x3c5/0x710 [ 70.092864][ T5315] handle_bug+0x60/0x90 [ 70.094252][ T5315] exc_invalid_op+0x1a/0x50 [ 70.095755][ T5315] asm_exc_invalid_op+0x1a/0x20 [ 70.097450][ T5315] RIP: 0010:__alloc_pages_noprof+0x3c5/0x710 [ 70.099701][ T5315] Code: ff df 0f 85 09 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cd 41 89 cd e9 f9 00 00 00 c6 05 c6 bb 0b 0e 01 90 <0f> 0b 90 41 83 fc 0a 0f 86 13 fd ff ff 45 31 e4 48 c7 44 24 20 0e [ 70.106625][ T5315] RSP: 0018:ffffc9000d377900 EFLAGS: 00010246 [ 70.109329][ T5315] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 70.112286][ T5315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d377988 [ 70.115038][ T5315] RBP: ffffc9000d377a18 R08: ffffc9000d377987 R09: 0000000000000000 [ 70.117776][ T5315] R10: ffffc9000d377960 R11: fffff52001a6ef31 R12: 0000000000000012 [ 70.124675][ T5315] R13: 0000000000040cc0 R14: 1ffff92001a6ef28 R15: 1ffff92001a6ef24 [ 70.128025][ T5315] ? kasan_save_track+0x51/0x80 [ 70.130169][ T5315] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 70.132663][ T5315] ? __lock_acquire+0x1397/0x2100 [ 70.134610][ T5315] ___kmalloc_large_node+0x8b/0x1d0 [ 70.136414][ T5315] __kmalloc_large_node_noprof+0x1a/0x80 [ 70.138226][ T5315] __kmalloc_noprof+0x339/0x4c0 [ 70.139837][ T5315] ? drm_syncobj_array_find+0x3a/0x460 [ 70.141881][ T5315] drm_syncobj_array_find+0x3a/0x460 [ 70.143812][ T5315] drm_syncobj_timeline_signal_ioctl+0x1f2/0x880 [ 70.145877][ T5315] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 70.148312][ T5315] ? 
drm_dev_enter+0x48/0x160 [ 70.149937][ T5315] drm_ioctl_kernel+0x337/0x440 [ 70.151802][ T5315] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 70.154309][ T5315] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 70.156168][ T5315] ? __might_fault+0xc6/0x120 [ 70.157814][ T5315] drm_ioctl+0x60e/0xad0 [ 70.159305][ T5315] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 70.161559][ T5315] ? __pfx_drm_ioctl+0x10/0x10 [ 70.163291][ T5315] ? __fget_files+0x2a/0x410 [ 70.164902][ T5315] ? __pfx_drm_ioctl+0x10/0x10 [ 70.166712][ T5315] __se_sys_ioctl+0xf5/0x170 [ 70.168352][ T5315] do_syscall_64+0xf3/0x230 [ 70.170030][ T5315] ? clear_bhb_loop+0x35/0x90 [ 70.171759][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.174270][ T5315] RIP: 0033:0x7f9ed4d85d19 [ 70.176278][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.183726][ T5315] RSP: 002b:00007f9ed5be1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.186780][ T5315] RAX: ffffffffffffffda RBX: 00007f9ed4f76080 RCX: 00007f9ed4d85d19 [ 70.189607][ T5315] RDX: 0000000020000180 RSI: 00000000c01864cd RDI: 0000000000000006 [ 70.192404][ T5315] RBP: 00007f9ed4e01a20 R08: 0000000000000000 R09: 0000000000000000 [ 70.195394][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.198254][ T5315] R13: 0000000000000000 R14: 00007f9ed4f76080 R15: 00007ffef42d4208 [ 70.200691][ T5315] [ 70.202140][ T5315] Kernel Offset: disabled [ 70.203740][ T5315] Rebooting in 86400 seconds..