program:
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x88401)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000240)={<r1=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000000)={<r2=>0x0, 0x1})
mremap(&(0x7f0000fff000/0x1000)=nil, 0x7fffdf003000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r0, 0xc02864c3, &(0x7f0000000400)={&(0x7f00000001c0)=[r1, r2], 0x6, 0x4000018d, 0xb})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r1, r2, r2], 0x0, 0x3})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @fd=r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000300)={&(0x7f00000000c0)=[<r4=>0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x0, 0xe0e0e0e0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000480)={&(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[<r5=>0x0], &(0x7f00000003c0)=[0x0, <r6=>0x0, <r7=>0x0], &(0x7f0000000440)=[0x0, <r8=>0x0, 0x0, 0x0, 0x0, <r9=>0x0, 0x0, 0x0, 0x0], 0x5, 0x1, 0x3, 0x9})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000500)={&(0x7f0000000100)=[r4, r8, r6, r7, r9, r5, r9, 0x0], 0x4000000000000168, 0x80000, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000280)={<r11=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r10, 0xc00864c0, &(0x7f0000000200)={r11})

[  102.792385][ T4666] Bluetooth: hci0: command tx timeout
[  102.882267][ T5330] ------------[ cut here ]------------
[  102.885378][ T5330] 1
[  102.885393][ T5330] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5330
[  102.892045][ T5330] Modules linked in:
[  102.893660][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  102.897135][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  102.901574][ T5330] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[  102.905018][ T5330] Code: 74 10 4c 89 e7 89 54 24 0c e8 1b 4b 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 26 94 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  102.913481][ T5330] RSP: 0018:ffffc9000f4578c0 EFLAGS: 00010246
[  102.916134][ T5330] RAX: ffffc9000f457900 RBX: 0000000000000015 RCX: 0000000000000000
[  102.919393][ T5330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f457928
[  102.923537][ T5330] RBP: ffffc9000f4579a8 R08: ffffc9000f457927 R09: 0000000000000000
[  102.927241][ T5330] R10: ffffc9000f457900 R11: fffff52001e8af25 R12: 0000000000000000
[  102.930558][ T5330] R13: 1ffff92001e8af1c R14: 0000000000040cc0 R15: dffffc0000000000
[  102.934005][ T5330] FS:  00007f3494bc16c0(0000) GS:ffff88808ca4e000(0000) knlGS:0000000000000000
[  102.938395][ T5330] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  102.941202][ T5330] CR2: 00007f349400c020 CR3: 0000000012a46000 CR4: 0000000000352ef0
[  102.944908][ T5330] Call Trace:
[  102.946661][ T5330]  <TASK>
[  102.948457][ T5330]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  102.951966][ T5330]  ? __pfx_policy_nodemask+0x10/0x10
[  102.955057][ T5330]  ? kasan_save_free_info+0x46/0x50
[  102.957324][ T5330]  ? __kasan_slab_free+0x5c/0x80
[  102.959662][ T5330]  ? kfree+0x1c1/0x630
[  102.961476][ T5330]  ? tomoyo_path_number_perm+0x501/0x630
[  102.964142][ T5330]  ? security_file_ioctl+0xc3/0x2a0
[  102.967064][ T5330]  ? do_syscall_64+0x14d/0xf80
[  102.969786][ T5330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.972648][ T5330]  alloc_pages_mpol+0x232/0x4a0
[  102.974954][ T5330]  ___kmalloc_large_node+0x4e/0x150
[  102.977327][ T5330]  __kmalloc_large_node_noprof+0x18/0x90
[  102.980034][ T5330]  __kmalloc_noprof+0x3e8/0x760
[  102.982563][ T5330]  ? drm_syncobj_array_find+0x3a/0x440
[  102.985695][ T5330]  drm_syncobj_array_find+0x3a/0x440
[  102.989622][ T5330]  drm_syncobj_wait_ioctl+0x200/0x690
[  102.992811][ T5330]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[  102.995759][ T5330]  drm_ioctl_kernel+0x2df/0x3b0
[  102.997926][ T5330]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[  103.000515][ T5330]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  103.002941][ T5330]  drm_ioctl+0x6ba/0xb80
[  103.004836][ T5330]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[  103.008292][ T5330]  ? __pfx_drm_ioctl+0x10/0x10
[  103.011568][ T5330]  ? __fget_files+0x2a/0x420
[  103.014874][ T5330]  ? bpf_lsm_file_ioctl+0x9/0x20
[  103.017263][ T5330]  ? __pfx_drm_ioctl+0x10/0x10
[  103.019521][ T5330]  __se_sys_ioctl+0xfc/0x170
[  103.021676][ T5330]  do_syscall_64+0x14d/0xf80
[  103.023773][ T5330]  ? trace_irq_disable+0x3b/0x150
[  103.026311][ T5330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.030157][ T5330]  ? clear_bhb_loop+0x40/0x90
[  103.032637][ T5330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.035199][ T5330] RIP: 0033:0x7f3493d9c819
[  103.037138][ T5330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.046158][ T5330] RSP: 002b:00007f3494bc0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.051592][ T5330] RAX: ffffffffffffffda RBX: 00007f3494015fa0 RCX: 00007f3493d9c819
[  103.055221][ T5330] RDX: 0000200000000400 RSI: 00000000c02864c3 RDI: 0000000000000003
[  103.058728][ T5330] RBP: 00007f3493e32c91 R08: 0000000000000000 R09: 0000000000000000
[  103.062321][ T5330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.066636][ T5330] R13: 00007f3494016038 R14: 00007f3494015fa0 R15: 00007ffdda38f298
[  103.071267][ T5330]  </TASK>
[  103.073215][ T5330] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  103.077037][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  103.081515][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.086426][ T5330] Call Trace:
[  103.088143][ T5330]  <TASK>
[  103.089596][ T5330]  vpanic+0x56c/0xa60
[  103.091490][ T5330]  ? __pfx__printk+0x10/0x10
[  103.093996][ T5330]  ? __pfx_vpanic+0x10/0x10
[  103.096130][ T5330]  ? is_bpf_text_address+0x292/0x2b0
[  103.098575][ T5330]  ? is_bpf_text_address+0x26/0x2b0
[  103.101032][ T5330]  panic+0xc5/0xd0
[  103.102802][ T5330]  ? __pfx_panic+0x10/0x10
[  103.104844][ T5330]  __warn+0x315/0x4f0
[  103.106573][ T5330]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  103.109566][ T5330]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  103.112792][ T5330]  __report_bug+0x29a/0x540
[  103.114836][ T5330]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  103.117431][ T5330]  ? __pfx___report_bug+0x10/0x10
[  103.119624][ T5330]  ? is_bpf_text_address+0x26/0x2b0
[  103.122227][ T5330]  ? is_bpf_text_address+0x292/0x2b0
[  103.124897][ T5330]  ? is_bpf_text_address+0x26/0x2b0
[  103.127573][ T5330]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  103.130122][ T5330]  report_bug+0x16a/0x220
[  103.131866][ T5330]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  103.134547][ T5330]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[  103.137220][ T5330]  handle_bug+0x9c/0x200
[  103.139658][ T5330]  exc_invalid_op+0x1a/0x50
[  103.142428][ T5330]  asm_exc_invalid_op+0x1a/0x20
[  103.145164][ T5330] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[  103.148291][ T5330] Code: 74 10 4c 89 e7 89 54 24 0c e8 1b 4b 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 26 94 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  103.157867][ T5330] RSP: 0018:ffffc9000f4578c0 EFLAGS: 00010246
[  103.161099][ T5330] RAX: ffffc9000f457900 RBX: 0000000000000015 RCX: 0000000000000000
[  103.165379][ T5330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f457928
[  103.169079][ T5330] RBP: ffffc9000f4579a8 R08: ffffc9000f457927 R09: 0000000000000000
[  103.172956][ T5330] R10: ffffc9000f457900 R11: fffff52001e8af25 R12: 0000000000000000
[  103.176984][ T5330] R13: 1ffff92001e8af1c R14: 0000000000040cc0 R15: dffffc0000000000
[  103.181068][ T5330]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  103.183863][ T5330]  ? __pfx_policy_nodemask+0x10/0x10
[  103.186106][ T5330]  ? kasan_save_free_info+0x46/0x50
[  103.188465][ T5330]  ? __kasan_slab_free+0x5c/0x80
[  103.191339][ T5330]  ? kfree+0x1c1/0x630
[  103.193860][ T5330]  ? tomoyo_path_number_perm+0x501/0x630
[  103.196554][ T5330]  ? security_file_ioctl+0xc3/0x2a0
[  103.199015][ T5330]  ? do_syscall_64+0x14d/0xf80
[  103.201055][ T5330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.203905][ T5330]  alloc_pages_mpol+0x232/0x4a0
[  103.206659][ T5330]  ___kmalloc_large_node+0x4e/0x150
[  103.209977][ T5330]  __kmalloc_large_node_noprof+0x18/0x90
[  103.212699][ T5330]  __kmalloc_noprof+0x3e8/0x760
[  103.214766][ T5330]  ? drm_syncobj_array_find+0x3a/0x440
[  103.217245][ T5330]  drm_syncobj_array_find+0x3a/0x440
[  103.219669][ T5330]  drm_syncobj_wait_ioctl+0x200/0x690
[  103.222274][ T5330]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[  103.225326][ T5330]  drm_ioctl_kernel+0x2df/0x3b0
[  103.227787][ T5330]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[  103.230823][ T5330]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  103.233970][ T5330]  drm_ioctl+0x6ba/0xb80
[  103.236564][ T5330]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[  103.240375][ T5330]  ? __pfx_drm_ioctl+0x10/0x10
[  103.243473][ T5330]  ? __fget_files+0x2a/0x420
[  103.245891][ T5330]  ? bpf_lsm_file_ioctl+0x9/0x20
[  103.248192][ T5330]  ? __pfx_drm_ioctl+0x10/0x10
[  103.250246][ T5330]  __se_sys_ioctl+0xfc/0x170
[  103.252408][ T5330]  do_syscall_64+0x14d/0xf80
[  103.254700][ T5330]  ? trace_irq_disable+0x3b/0x150
[  103.257418][ T5330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.260836][ T5330]  ? clear_bhb_loop+0x40/0x90
[  103.263267][ T5330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.265899][ T5330] RIP: 0033:0x7f3493d9c819
[  103.267959][ T5330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.277813][ T5330] RSP: 002b:00007f3494bc0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.281541][ T5330] RAX: ffffffffffffffda RBX: 00007f3494015fa0 RCX: 00007f3493d9c819
[  103.285239][ T5330] RDX: 0000200000000400 RSI: 00000000c02864c3 RDI: 0000000000000003
[  103.289375][ T5330] RBP: 00007f3493e32c91 R08: 0000000000000000 R09: 0000000000000000
[  103.293232][ T5330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.296791][ T5330] R13: 00007f3494016038 R14: 00007f3494015fa0 R15: 00007ffdda38f298
[  103.300535][ T5330]  </TASK>
[  103.302652][ T5330] Kernel Offset: disabled
[  103.304883][ T5330] Rebooting in 86400 seconds..