program:
r0 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xcc3d, 0x400, 0x0, 0x2})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_sys(r3, 0xc008ae88, &(0x7f0000000480)={0x1, 0x0, [{0x400000b7, 0x0, 0x400}]})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)={<r4=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r5=>0x0})
r6 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r7, 0xc0205647, &(0x7f00000000c0)={0x4, 0x1000005, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x9a090e}})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r6, 0xc00864bf, &(0x7f0000000000)={<r8=>0x0, 0x1})
r9 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r9, 0xc00864bf, &(0x7f0000000140))
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r9, 0xc03064ca, &(0x7f00000000c0)={&(0x7f0000000040)=[r8], 0x0, 0xa00000000000, 0x1, 0x6})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r6, 0xc01864cd, &(0x7f0000000280)={&(0x7f0000000240)=[r8], 0x0})
r10 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r10, 0xc00864bf, &(0x7f0000000000)={<r11=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r10, 0xc03064ca, &(0x7f00000000c0)={&(0x7f00000004c0)=[r11, r11], &(0x7f0000000100)=[0x11], 0xfffffffffffeffff, 0xfffffffffffffda1, 0x2})
r12 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r12, 0xc00864bf, &(0x7f0000000000)={0x0, 0x1})
r13 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r13, 0xc00864bf, &(0x7f0000000140)={<r14=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r13, 0xc03064ca, &(0x7f00000000c0)={&(0x7f0000000200), 0x0, 0xa39, 0x0, 0x6})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000100)={<r15=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(0xffffffffffffffff, 0xc03064ca, &(0x7f0000000200)={&(0x7f0000000140)=[r4, r5, r8, r11, r14, r15], &(0x7f0000000180)=[0x134f, 0x8000000000000001, 0x7fff, 0x2, 0x2, 0x6, 0x1], 0x4, 0x6, 0x6})
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xfffffffffffffff3, 0x2)

[   85.373005][ T4707] Bluetooth: hci0: command tx timeout
[   85.574492][ T5368] ------------[ cut here ]------------
[   85.576957][ T5368] WARNING: CPU: 0 PID: 5368 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.581393][ T5368] Modules linked in:
[   85.583247][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.586897][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.591083][ T5368] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   85.593759][ T5368] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 14 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   85.601082][ T5368] RSP: 0018:ffffc9000d36f8e0 EFLAGS: 00010246
[   85.604051][ T5368] RAX: ffffc9000d36f900 RBX: 0000000000000016 RCX: 0000000000000000
[   85.607359][ T5368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d36f948
[   85.610777][ T5368] RBP: ffffc9000d36f9c8 R08: ffffc9000d36f947 R09: 0000000000000000
[   85.614218][ T5368] R10: ffffc9000d36f920 R11: fffff52001a6df29 R12: 0000000000000000
[   85.617545][ T5368] R13: 1ffff92001a6df20 R14: 0000000000040cc0 R15: dffffc0000000000
[   85.620478][ T5368] FS:  00007f4f797f56c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
[   85.624319][ T5368] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.627154][ T5368] CR2: 00007f4f797f4fc8 CR3: 0000000043763000 CR4: 0000000000352ef0
[   85.630632][ T5368] Call Trace:
[   85.632151][ T5368]  <TASK>
[   85.633612][ T5368]  ? stack_depot_save_flags+0x40/0x860
[   85.635925][ T5368]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   85.638669][ T5368]  ? kasan_save_track+0x4f/0x80
[   85.640649][ T5368]  ? kasan_save_track+0x3e/0x80
[   85.642901][ T5368]  ? policy_nodemask+0x27c/0x720
[   85.645048][ T5368]  ? do_syscall_64+0xfa/0x3b0
[   85.647142][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.649704][ T5368]  alloc_pages_mpol+0x232/0x4a0
[   85.651886][ T5368]  ___kmalloc_large_node+0x5f/0x1b0
[   85.654156][ T5368]  __kmalloc_large_node_noprof+0x18/0x90
[   85.656437][ T5368]  __kmalloc_noprof+0x36f/0x4f0
[   85.658477][ T5368]  ? drm_syncobj_array_find+0x3a/0x450
[   85.660787][ T5368]  drm_syncobj_array_find+0x3a/0x450
[   85.662977][ T5368]  drm_syncobj_timeline_wait_ioctl+0x1b7/0x560
[   85.666010][ T5368]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.668968][ T5368]  drm_ioctl_kernel+0x2cf/0x390
[   85.671064][ T5368]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.674311][ T5368]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.676555][ T5368]  drm_ioctl+0x67f/0xb10
[   85.678482][ T5368]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.681308][ T5368]  ? __pfx_drm_ioctl+0x10/0x10
[   85.683293][ T5368]  ? __fget_files+0x2a/0x420
[   85.685096][ T5368]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.687127][ T5368]  ? __pfx_drm_ioctl+0x10/0x10
[   85.689080][ T5368]  __se_sys_ioctl+0xfc/0x170
[   85.691056][ T5368]  do_syscall_64+0xfa/0x3b0
[   85.693056][ T5368]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.695316][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.697886][ T5368]  ? clear_bhb_loop+0x60/0xb0
[   85.699775][ T5368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.702428][ T5368] RIP: 0033:0x7f4f7d38eec9
[   85.704395][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.713056][ T5368] RSP: 002b:00007f4f797f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.716547][ T5368] RAX: ffffffffffffffda RBX: 00007f4f7d5e6090 RCX: 00007f4f7d38eec9
[   85.720027][ T5368] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 000000000000000a
[   85.723502][ T5368] RBP: 00007f4f7d411f91 R08: 0000000000000000 R09: 0000000000000000
[   85.726689][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.730140][ T5368] R13: 00007f4f7d5e6128 R14: 00007f4f7d5e6090 R15: 00007ffe8a7e8d48
[   85.733684][ T5368]  </TASK>
[   85.734769][ T5368] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.737253][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.740718][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.745030][ T5368] Call Trace:
[   85.746459][ T5368]  <TASK>
[   85.747809][ T5368]  dump_stack_lvl+0x99/0x250
[   85.749854][ T5368]  ? __asan_memcpy+0x40/0x70
[   85.751838][ T5368]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.754077][ T5368]  ? __pfx__printk+0x10/0x10
[   85.756124][ T5368]  vpanic+0x281/0x750
[   85.757879][ T5368]  ? __pfx__printk+0x10/0x10
[   85.759907][ T5368]  ? __pfx_vpanic+0x10/0x10
[   85.761839][ T5368]  ? is_bpf_text_address+0x26/0x2b0
[   85.764240][ T5368]  panic+0xb9/0xc0
[   85.766007][ T5368]  ? __pfx_panic+0x10/0x10
[   85.768091][ T5368]  __warn+0x31b/0x4b0
[   85.769856][ T5368]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.772449][ T5368]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.775080][ T5368]  report_bug+0x2be/0x4f0
[   85.776928][ T5368]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.779554][ T5368]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.782266][ T5368]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   85.784888][ T5368]  handle_bug+0x84/0x160
[   85.786811][ T5368]  exc_invalid_op+0x1a/0x50
[   85.788773][ T5368]  asm_exc_invalid_op+0x1a/0x20
[   85.790839][ T5368] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   85.793753][ T5368] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 14 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   85.802121][ T5368] RSP: 0018:ffffc9000d36f8e0 EFLAGS: 00010246
[   85.804482][ T5368] RAX: ffffc9000d36f900 RBX: 0000000000000016 RCX: 0000000000000000
[   85.807756][ T5368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d36f948
[   85.811755][ T5368] RBP: ffffc9000d36f9c8 R08: ffffc9000d36f947 R09: 0000000000000000
[   85.816037][ T5368] R10: ffffc9000d36f920 R11: fffff52001a6df29 R12: 0000000000000000
[   85.819671][ T5368] R13: 1ffff92001a6df20 R14: 0000000000040cc0 R15: dffffc0000000000
[   85.823274][ T5368]  ? stack_depot_save_flags+0x40/0x860
[   85.825787][ T5368]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   85.828803][ T5368]  ? kasan_save_track+0x4f/0x80
[   85.831035][ T5368]  ? kasan_save_track+0x3e/0x80
[   85.833483][ T5368]  ? policy_nodemask+0x27c/0x720
[   85.835896][ T5368]  ? do_syscall_64+0xfa/0x3b0
[   85.838002][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.840647][ T5368]  alloc_pages_mpol+0x232/0x4a0
[   85.842733][ T5368]  ___kmalloc_large_node+0x5f/0x1b0
[   85.845063][ T5368]  __kmalloc_large_node_noprof+0x18/0x90
[   85.847576][ T5368]  __kmalloc_noprof+0x36f/0x4f0
[   85.849752][ T5368]  ? drm_syncobj_array_find+0x3a/0x450
[   85.852157][ T5368]  drm_syncobj_array_find+0x3a/0x450
[   85.854541][ T5368]  drm_syncobj_timeline_wait_ioctl+0x1b7/0x560
[   85.857322][ T5368]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.860298][ T5368]  drm_ioctl_kernel+0x2cf/0x390
[   85.862409][ T5368]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.865029][ T5368]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.867517][ T5368]  drm_ioctl+0x67f/0xb10
[   85.869226][ T5368]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.871930][ T5368]  ? __pfx_drm_ioctl+0x10/0x10
[   85.874022][ T5368]  ? __fget_files+0x2a/0x420
[   85.876026][ T5368]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.878133][ T5368]  ? __pfx_drm_ioctl+0x10/0x10
[   85.880205][ T5368]  __se_sys_ioctl+0xfc/0x170
[   85.882301][ T5368]  do_syscall_64+0xfa/0x3b0
[   85.884464][ T5368]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.886759][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.889389][ T5368]  ? clear_bhb_loop+0x60/0xb0
[   85.891557][ T5368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.893999][ T5368] RIP: 0033:0x7f4f7d38eec9
[   85.896093][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.903279][ T5368] RSP: 002b:00007f4f797f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.906154][ T5368] RAX: ffffffffffffffda RBX: 00007f4f7d5e6090 RCX: 00007f4f7d38eec9
[   85.909030][ T5368] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 000000000000000a
[   85.912237][ T5368] RBP: 00007f4f7d411f91 R08: 0000000000000000 R09: 0000000000000000
[   85.915617][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.919188][ T5368] R13: 00007f4f7d5e6128 R14: 00007f4f7d5e6090 R15: 00007ffe8a7e8d48
[   85.922625][ T5368]  </TASK>
[   85.924347][ T5368] Kernel Offset: disabled
[   85.926397][ T5368] Rebooting in 86400 seconds..