program:
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000280)={<r0=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(0xffffffffffffffff, 0xc02064cc, &(0x7f00000001c0)={0x0, r0, 0x3, 0x0, 0x2})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(0xffffffffffffffff, 0xc00864c0, &(0x7f0000000140))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000040)={0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, &(0x7f0000000300)={&(0x7f0000000100)=[0x0], &(0x7f0000000240)=[0xffffffffffff7fff], 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)={<r1=>0x0})
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000240)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000000)={<r4=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r2, 0xc02864c3, &(0x7f0000000400)={&(0x7f00000001c0)=[0x0, r4], 0x7ffffffffffffff, 0x3ffffd36})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r2, 0xc00864c0, &(0x7f00000002c0)={r4})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r2, 0xc01064c1, &(0x7f0000000300)={r3, 0x0, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r2, 0xc01064c2, &(0x7f0000000340)={0x0, 0x0, r5})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r3], 0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={<r6=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000180)={<r7=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(0xffffffffffffffff, 0xc01864cb, &(0x7f0000000400)={&(0x7f00000001c0)=[0x0, 0x0, r1, 0x0, r3, r6, r7], &(0x7f0000000200)=[0x4, 0x9, 0x400, 0x8000000000000000, 0x1, 0x1, 0x6], 0x7, 0x1})
r8 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r8, 0x29, 0xc8, 0x0, 0xc000000)
setsockopt$MRT6_ADD_MFC(r8, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r8, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1}, 0x5c)
r9 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r9, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_FLUSH(r9, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4)
r10 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000300)={'bond0\x00', <r11=>0x0})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x0, r10}, 0x18)
r12 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newlink={0x64, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}, @IFLA_MACVLAN_MACADDR={0xa, 0x9, @dev}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8}]}}}, @IFLA_LINK={0x8, 0x5, r11}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}}]}, 0x64}}, 0x0)

[   75.401184][ T5310] Bluetooth: hci0: command tx timeout
[   75.469078][ T5332] ------------[ cut here ]------------
[   75.471453][ T5332] WARNING: mm/page_alloc.c:5186 at __alloc_frozen_pages_noprof+0x2c8/0x370, CPU#0: syz.0.0/5332
[   75.476044][ T5332] Modules linked in:
[   75.477859][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.481757][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.486545][ T5332] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   75.489411][ T5332] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 33 59 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   75.497724][ T5332] RSP: 0018:ffffc9000a1d78e0 EFLAGS: 00010246
[   75.500163][ T5332] RAX: ffffc9000a1d7900 RBX: 0000000000000014 RCX: 0000000000000000
[   75.504202][ T5332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000a1d7948
[   75.508019][ T5332] RBP: ffffc9000a1d79c8 R08: ffffc9000a1d7947 R09: 0000000000000000
[   75.511381][ T5332] R10: ffffc9000a1d7920 R11: fffff5200143af29 R12: 0000000000000000
[   75.515236][ T5332] R13: 1ffff9200143af20 R14: 0000000000040cc0 R15: dffffc0000000000
[   75.518741][ T5332] FS:  00007fc7a036f6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000
[   75.522463][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.525486][ T5332] CR2: 00007fc79f7d38f0 CR3: 00000000111a0000 CR4: 0000000000352ef0
[   75.528991][ T5332] Call Trace:
[   75.530383][ T5332]  <TASK>
[   75.531673][ T5332]  ? stack_depot_save_flags+0x33/0x810
[   75.533837][ T5332]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   75.536215][ T5332]  ? kasan_save_free_info+0x46/0x50
[   75.538305][ T5332]  ? __kasan_slab_free+0x5c/0x80
[   75.540262][ T5332]  ? policy_nodemask+0x27c/0x720
[   75.542087][ T5332]  alloc_pages_mpol+0x232/0x4a0
[   75.544318][ T5332]  ___kmalloc_large_node+0x4e/0x150
[   75.546609][ T5332]  __kmalloc_large_node_noprof+0x18/0x90
[   75.548883][ T5332]  __kmalloc_noprof+0x4c9/0x800
[   75.550975][ T5332]  ? drm_syncobj_array_find+0x3a/0x450
[   75.553480][ T5332]  ? __lock_acquire+0x6b6/0x2cf0
[   75.555621][ T5332]  drm_syncobj_array_find+0x3a/0x450
[   75.558001][ T5332]  drm_syncobj_wait_ioctl+0x208/0x520
[   75.560224][ T5332]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.562636][ T5332]  drm_ioctl_kernel+0x2cf/0x390
[   75.564917][ T5332]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.567676][ T5332]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   75.569982][ T5332]  drm_ioctl+0x67f/0xb10
[   75.571856][ T5332]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.574199][ T5332]  ? __pfx_drm_ioctl+0x10/0x10
[   75.576305][ T5332]  ? __fget_files+0x2a/0x420
[   75.578568][ T5332]  ? bpf_lsm_file_ioctl+0x9/0x20
[   75.580810][ T5332]  ? __pfx_drm_ioctl+0x10/0x10
[   75.583133][ T5332]  __se_sys_ioctl+0xfc/0x170
[   75.585130][ T5332]  do_syscall_64+0xec/0xf80
[   75.587299][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.589933][ T5332]  ? trace_irq_disable+0x37/0x100
[   75.592158][ T5332]  ? clear_bhb_loop+0x60/0xb0
[   75.594327][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.597149][ T5332] RIP: 0033:0x7fc79f58f7c9
[   75.599133][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.607263][ T5332] RSP: 002b:00007fc7a036f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.610581][ T5332] RAX: ffffffffffffffda RBX: 00007fc79f7e5fa0 RCX: 00007fc79f58f7c9
[   75.613967][ T5332] RDX: 0000200000000400 RSI: 00000000c02864c3 RDI: 0000000000000003
[   75.617551][ T5332] RBP: 00007fc79f613f91 R08: 0000000000000000 R09: 0000000000000000
[   75.621229][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.624346][ T5332] R13: 00007fc79f7e6038 R14: 00007fc79f7e5fa0 R15: 00007ffef387e8f8
[   75.627717][ T5332]  </TASK>
[   75.629056][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.632239][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.636542][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.641047][ T5332] Call Trace:
[   75.642830][ T5332]  <TASK>
[   75.644126][ T5332]  vpanic+0x1e0/0x670
[   75.645931][ T5332]  panic+0xb9/0xc0
[   75.647500][ T5332]  ? __pfx_panic+0x10/0x10
[   75.649208][ T5332]  __warn+0x317/0x4b0
[   75.650717][ T5332]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.653036][ T5332]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.655440][ T5332]  __report_bug+0x288/0x500
[   75.657304][ T5332]  ? unwind_next_frame+0xa5/0x23d0
[   75.659290][ T5332]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.661610][ T5332]  ? __pfx___report_bug+0x10/0x10
[   75.663812][ T5332]  ? is_bpf_text_address+0x26/0x2b0
[   75.666124][ T5332]  ? is_bpf_text_address+0x292/0x2b0
[   75.668475][ T5332]  ? is_bpf_text_address+0x26/0x2b0
[   75.670693][ T5332]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.673276][ T5332]  report_bug+0x16a/0x220
[   75.675204][ T5332]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   75.677857][ T5332]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   75.680331][ T5332]  handle_bug+0x98/0x200
[   75.682221][ T5332]  exc_invalid_op+0x1a/0x50
[   75.684180][ T5332]  asm_exc_invalid_op+0x1a/0x20
[   75.686248][ T5332] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   75.689040][ T5332] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 33 59 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   75.697299][ T5332] RSP: 0018:ffffc9000a1d78e0 EFLAGS: 00010246
[   75.699977][ T5332] RAX: ffffc9000a1d7900 RBX: 0000000000000014 RCX: 0000000000000000
[   75.703460][ T5332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000a1d7948
[   75.706928][ T5332] RBP: ffffc9000a1d79c8 R08: ffffc9000a1d7947 R09: 0000000000000000
[   75.710293][ T5332] R10: ffffc9000a1d7920 R11: fffff5200143af29 R12: 0000000000000000
[   75.713803][ T5332] R13: 1ffff9200143af20 R14: 0000000000040cc0 R15: dffffc0000000000
[   75.717286][ T5332]  ? stack_depot_save_flags+0x33/0x810
[   75.719693][ T5332]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   75.722382][ T5332]  ? kasan_save_free_info+0x46/0x50
[   75.724639][ T5332]  ? __kasan_slab_free+0x5c/0x80
[   75.726800][ T5332]  ? policy_nodemask+0x27c/0x720
[   75.728802][ T5332]  alloc_pages_mpol+0x232/0x4a0
[   75.730994][ T5332]  ___kmalloc_large_node+0x4e/0x150
[   75.733325][ T5332]  __kmalloc_large_node_noprof+0x18/0x90
[   75.735752][ T5332]  __kmalloc_noprof+0x4c9/0x800
[   75.738001][ T5332]  ? drm_syncobj_array_find+0x3a/0x450
[   75.740526][ T5332]  ? __lock_acquire+0x6b6/0x2cf0
[   75.742761][ T5332]  drm_syncobj_array_find+0x3a/0x450
[   75.745167][ T5332]  drm_syncobj_wait_ioctl+0x208/0x520
[   75.747508][ T5332]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.750023][ T5332]  drm_ioctl_kernel+0x2cf/0x390
[   75.752166][ T5332]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.754703][ T5332]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   75.756939][ T5332]  drm_ioctl+0x67f/0xb10
[   75.758706][ T5332]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   75.761311][ T5332]  ? __pfx_drm_ioctl+0x10/0x10
[   75.763622][ T5332]  ? __fget_files+0x2a/0x420
[   75.765652][ T5332]  ? bpf_lsm_file_ioctl+0x9/0x20
[   75.767826][ T5332]  ? __pfx_drm_ioctl+0x10/0x10
[   75.769891][ T5332]  __se_sys_ioctl+0xfc/0x170
[   75.771881][ T5332]  do_syscall_64+0xec/0xf80
[   75.774245][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.777168][ T5332]  ? trace_irq_disable+0x37/0x100
[   75.779364][ T5332]  ? clear_bhb_loop+0x60/0xb0
[   75.781375][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.783975][ T5332] RIP: 0033:0x7fc79f58f7c9
[   75.786000][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.794492][ T5332] RSP: 002b:00007fc7a036f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.798140][ T5332] RAX: ffffffffffffffda RBX: 00007fc79f7e5fa0 RCX: 00007fc79f58f7c9
[   75.802001][ T5332] RDX: 0000200000000400 RSI: 00000000c02864c3 RDI: 0000000000000003
[   75.805690][ T5332] RBP: 00007fc79f613f91 R08: 0000000000000000 R09: 0000000000000000
[   75.809173][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.812637][ T5332] R13: 00007fc79f7e6038 R14: 00007fc79f7e5fa0 R15: 00007ffef387e8f8
[   75.816845][ T5332]  </TASK>
[   75.818925][ T5332] Kernel Offset: disabled
[   75.821265][ T5332] Rebooting in 86400 seconds..