# Fuzzer-generated reproducer in syzkaller program syntax, followed by the
# kernel console log it produced. Laid out one call per line for reading;
# no call, argument or log text has been changed.
#
# Triage summary, taken from the console log that follows the program:
#   - WARNING at mm/page_alloc.c:5202 in __alloc_frozen_pages_noprof, reached
#     through drm_syncobj_timeline_wait_ioctl -> drm_syncobj_array_find ->
#     __kmalloc_noprof -> __kmalloc_large_node_noprof -> alloc_pages_mpol.
#   - The user-mode register dump further down shows ORIG_RAX 0x10 and
#     RSI 0xc03064ca, which is the request number passed to the
#     ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT calls below.
#   - The log reports "panic_on_warn set", so on this configuration the
#     warning escalates to a kernel panic: treat it as an availability
#     problem for any caller that can open the DRM node, not as log noise.
#
# Reading notes:
#   - Each call marked (async) is followed by a non-async issue of the same
#     syscall.
#   - Many calls pass 0xffffffffffffffff as the fd; presumably they fail early
#     and do not contribute to the warning (not confirmed from this page).
#   - r2, r6 and r8 are used without a visible assignment; the result-capture
#     annotations appear to have been lost when the page was extracted.
program:
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(0xffffffffffffffff, 0xc0106441, &(0x7f0000000000)) (async)
ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(0xffffffffffffffff, 0xc0106441, &(0x7f0000000000))
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(0xffffffffffffffff, 0xc0106450, &(0x7f0000000040))
io_uring_setup(0x662, &(0x7f0000001740)={0x0, 0x0, 0x800, 0x0, 0x10000000}) (async)
io_uring_setup(0x662, &(0x7f0000001740)={0x0, 0x0, 0x800, 0x0, 0x10000000})
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f0000002f00)={0x0, 0x0, 0x0, &(0x7f0000002e40), &(0x7f0000000280)=[0x100000000001]}, 0x20)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000080)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000080))
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)
# First DRM device handle (r1); it is reused by the final RES_CTX call.
r1 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000000)={0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r1, 0xc01064c1, &(0x7f0000000240)={r2})
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x40, r4, 0x1, 0x0, 0x0, {0x10}, [@ETHTOOL_A_CHANNELS_HEADER={0x4}, @ETHTOOL_A_CHANNELS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x40}}, 0x20040000) (async)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x40, r4, 0x1, 0x0, 0x0, {0x10}, [@ETHTOOL_A_CHANNELS_HEADER={0x4}, @ETHTOOL_A_CHANNELS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x40}}, 0x20040000)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
# TIMELINE_WAIT on r5: the fourth struct field is 0x1 here; compare with the
# r7 calls further down.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r5, 0xc03064ca, &(0x7f0000000480)={&(0x7f00000003c0)=[0x0], 0x0, 0x2000000000ea25, 0x1, 0x3})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, &(0x7f0000000440)={0x0})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r1, 0xc00864c0, &(0x7f0000000500)={r6})
syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000) (async)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
lchown(0x0, 0x0, 0xee00)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, &(0x7f00000000c0)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, &(0x7f00000000c0)={0x0})
# NOTE(review): these two TIMELINE_WAIT calls carry 0x3be1b4e7fc9a311f in the
# fourth struct field, against 0x1 in the r5 call. Presumably that field is the
# handle count (count_handles in the uapi struct) that sizes the allocation in
# drm_syncobj_array_find; confirm against the syzkaller description. If so, a
# caller-supplied count reaches a large kmalloc without an upper bound, and
# these are the likely trigger for the page-allocator warning. The usual
# kernel-side remedies are to bound or reject the count before allocating, or
# to allocate through a path that tolerates oversized requests without
# warning.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r7, 0xc03064ca, &(0x7f0000000480)={&(0x7f00000004c0)=[r8], 0x0, 0x2000000000ea25, 0x3be1b4e7fc9a311f, 0x3}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r7, 0xc03064ca, &(0x7f0000000480)={&(0x7f00000004c0)=[r8], 0x0, 0x2000000000ea25, 0x3be1b4e7fc9a311f, 0x3})
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="9c0000002e000100000000000000000004001980860011807a12a28852a96b52ebf86af701006a533431660738db024e6e7af1ff7a3ff2f06994f677f4e6bee0732e71d60d51395d4fe2b2d6e246d59ac71fd989b0fac3beea15d23e4c19b396db2e9f6d5f5e823aeec0a3509f9de88290c21035f12cc5d735de938ac5f356a3e91929bf7a7f2066191405d2af7383af39cce37c050b8055fae4cb6c"], 0x9c}], 0x1, 0x0, 0x0, 0x84}, 0x4000342)
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r7, 0xc00864c0, &(0x7f0000000140)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r7, 0xc00864c0, &(0x7f0000000140))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000100)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000100))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000140))
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000180))
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000400)={0x4, &(0x7f0000000300)=[{}, {}, {}, {}]})
# Kernel console output starts here and continues on the lines after this block.
[ 92.244584][ T5328] ------------[ cut here ]------------ [ 92.247344][ T5328] 1 [ 92.247359][ T5328] WARNING: mm/page_alloc.c:5202 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5328 [ 92.252963][ T5328] Modules linked in: [ 92.255613][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 92.259769][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.264644][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 92.276997][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b dc 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 94 3c f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 92.288518][ T5328] RSP: 0018:ffffc9000e30f8a0 EFLAGS: 00010246 [ 92.291166][ T5328] RAX: ffffc9000e30f800 RBX: 0000000000000016 RCX: 0000000000000000 [ 92.294584][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e30f908 [ 92.298155][ T5328] RBP: ffffc9000e30f990 R08: ffffc9000e30f907 R09: 0000000000000000 [ 92.302090][ T5328] R10: ffffc9000e30f8e0 R11: fffff52001c61f21 R12: 0000000000000000 [ 92.305990][ T5328] R13: 1ffff92001c61f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 92.309429][ T5328] FS: 00007fcf1d57e6c0(0000) GS:ffff88808c87b000(0000) knlGS:0000000000000000 [ 92.313385][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.316357][ T5328] CR2: 00007fcf18bf4fe8 CR3: 00000000338ea000 CR4: 0000000000352ef0 [ 92.320020][ T5328] Call Trace: [ 92.321461][ T5328] [ 92.322898][ T5328] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 92.325792][ T5328] ? __pfx_policy_nodemask+0x10/0x10 [ 92.328207][ T5328] ? kasan_save_track+0x4f/0x80 [ 92.330569][ T5328] ? 
kasan_save_track+0x3e/0x80 [ 92.332947][ T5328] ? kasan_save_free_info+0x46/0x50 [ 92.335409][ T5328] ? kfree+0x1c5/0x640 [ 92.337283][ T5328] ? tomoyo_path_number_perm+0x501/0x630 [ 92.339728][ T5328] ? security_file_ioctl+0xc3/0x2a0 [ 92.342336][ T5328] ? __se_sys_ioctl+0x47/0x170 [ 92.344718][ T5328] alloc_pages_mpol+0x235/0x490 [ 92.346905][ T5328] ___kmalloc_large_node+0x4e/0x120 [ 92.349156][ T5328] __kmalloc_large_node_noprof+0x18/0x90 [ 92.351662][ T5328] __kmalloc_noprof+0x3e8/0x760 [ 92.353997][ T5328] ? drm_syncobj_array_find+0x3a/0x440 [ 92.356408][ T5328] drm_syncobj_array_find+0x3a/0x440 [ 92.358710][ T5328] drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0 [ 92.361320][ T5328] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 92.364387][ T5328] drm_ioctl_kernel+0x2df/0x3b0 [ 92.366734][ T5328] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 92.369412][ T5328] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 92.371660][ T5328] drm_ioctl+0x6ba/0xb80 [ 92.373470][ T5328] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 92.376077][ T5328] ? __pfx_drm_ioctl+0x10/0x10 [ 92.378167][ T5328] ? __fget_files+0x2a/0x420 [ 92.380199][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 92.382595][ T5328] ? __pfx_drm_ioctl+0x10/0x10 [ 92.384696][ T5328] __se_sys_ioctl+0xfc/0x170 [ 92.386847][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.389669][ T5328] do_syscall_64+0x15f/0xf80 [ 92.391822][ T5328] ? 
clear_bhb_loop+0x40/0x90 [ 92.393969][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.396520][ T5328] RIP: 0033:0x7fcf1c79ce59 [ 92.398227][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.406962][ T5328] RSP: 002b:00007fcf1d57dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.410821][ T5328] RAX: ffffffffffffffda RBX: 00007fcf1ca16180 RCX: 00007fcf1c79ce59 [ 92.414441][ T5328] RDX: 0000200000000480 RSI: 00000000c03064ca RDI: 000000000000000b [ 92.418075][ T5328] RBP: 00007fcf1c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 92.421853][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.425140][ T5328] R13: 00007fcf1ca16218 R14: 00007fcf1ca16180 R15: 00007ffe55c69d08 [ 92.428754][ T5328] [ 92.430342][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 92.433949][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 92.438094][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.442535][ T5328] Call Trace: [ 92.443998][ T5328] [ 92.445216][ T5328] vpanic+0x56c/0xa60 [ 92.446957][ T5328] ? __pfx__printk+0x10/0x10 [ 92.449286][ T5328] ? __pfx_vpanic+0x10/0x10 [ 92.451456][ T5328] ? is_bpf_text_address+0x292/0x2b0 [ 92.453791][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 92.456058][ T5328] panic+0xc5/0xd0 [ 92.457912][ T5328] ? __pfx_panic+0x10/0x10 [ 92.460030][ T5328] __warn+0x315/0x4c0 [ 92.461867][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 92.464623][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 92.467518][ T5328] __report_bug+0x29a/0x540 [ 92.469817][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 92.472448][ T5328] ? __pfx___report_bug+0x10/0x10 [ 92.474633][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 92.476898][ T5328] ? 
is_bpf_text_address+0x292/0x2b0 [ 92.479283][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 92.481904][ T5328] report_bug+0x16a/0x220 [ 92.483904][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 92.486573][ T5328] ? __alloc_frozen_pages_noprof+0x2d3/0x380 [ 92.489199][ T5328] handle_bug+0x9c/0x200 [ 92.491181][ T5328] exc_invalid_op+0x1a/0x50 [ 92.493302][ T5328] asm_exc_invalid_op+0x1a/0x20 [ 92.495400][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 92.498175][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b dc 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 94 3c f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 92.506733][ T5328] RSP: 0018:ffffc9000e30f8a0 EFLAGS: 00010246 [ 92.509467][ T5328] RAX: ffffc9000e30f800 RBX: 0000000000000016 RCX: 0000000000000000 [ 92.512809][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e30f908 [ 92.516109][ T5328] RBP: ffffc9000e30f990 R08: ffffc9000e30f907 R09: 0000000000000000 [ 92.519508][ T5328] R10: ffffc9000e30f8e0 R11: fffff52001c61f21 R12: 0000000000000000 [ 92.522815][ T5328] R13: 1ffff92001c61f18 R14: 0000000000040cc0 R15: dffffc0000000000 [ 92.526103][ T5328] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 92.528759][ T5328] ? __pfx_policy_nodemask+0x10/0x10 [ 92.531048][ T5328] ? kasan_save_track+0x4f/0x80 [ 92.533315][ T5328] ? kasan_save_track+0x3e/0x80 [ 92.535426][ T5328] ? kasan_save_free_info+0x46/0x50 [ 92.537636][ T5328] ? kfree+0x1c5/0x640 [ 92.539370][ T5328] ? tomoyo_path_number_perm+0x501/0x630 [ 92.541602][ T5328] ? security_file_ioctl+0xc3/0x2a0 [ 92.543880][ T5328] ? __se_sys_ioctl+0x47/0x170 [ 92.546062][ T5328] alloc_pages_mpol+0x235/0x490 [ 92.548421][ T5328] ___kmalloc_large_node+0x4e/0x120 [ 92.550806][ T5328] __kmalloc_large_node_noprof+0x18/0x90 [ 92.553339][ T5328] __kmalloc_noprof+0x3e8/0x760 [ 92.555532][ T5328] ? 
drm_syncobj_array_find+0x3a/0x440 [ 92.558090][ T5328] drm_syncobj_array_find+0x3a/0x440 [ 92.560435][ T5328] drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0 [ 92.563084][ T5328] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 92.566743][ T5328] drm_ioctl_kernel+0x2df/0x3b0 [ 92.569207][ T5328] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 92.572465][ T5328] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 92.575109][ T5328] drm_ioctl+0x6ba/0xb80 [ 92.577119][ T5328] ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10 [ 92.580099][ T5328] ? __pfx_drm_ioctl+0x10/0x10 [ 92.582317][ T5328] ? __fget_files+0x2a/0x420 [ 92.584575][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 92.587030][ T5328] ? __pfx_drm_ioctl+0x10/0x10 [ 92.589192][ T5328] __se_sys_ioctl+0xfc/0x170 [ 92.591313][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.593969][ T5328] do_syscall_64+0x15f/0xf80 [ 92.595961][ T5328] ? clear_bhb_loop+0x40/0x90 [ 92.598317][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.600859][ T5328] RIP: 0033:0x7fcf1c79ce59 [ 92.603399][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 92.611640][ T5328] RSP: 002b:00007fcf1d57dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.615591][ T5328] RAX: ffffffffffffffda RBX: 00007fcf1ca16180 RCX: 00007fcf1c79ce59 [ 92.619267][ T5328] RDX: 0000200000000480 RSI: 00000000c03064ca RDI: 000000000000000b [ 92.622369][ T5328] RBP: 00007fcf1c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 92.626022][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.629712][ T5328] R13: 00007fcf1ca16218 R14: 00007fcf1ca16180 R15: 00007ffe55c69d08 [ 92.633428][ T5328] [ 92.635334][ T5328] Kernel Offset: disabled [ 92.637411][ T5328] Rebooting in 86400 seconds..