program:
# Syzkaller reproducer, followed by the console log of the run.
# NOTE(review): r4, r5, r8 and r9 are consumed below but no assignment to them is
# visible in this listing. Presumably the inline `<rN=>` output markers were lost
# when the page was extracted; confirm against the original reproducer.

# rtnetlink socket, consumed only by the final sendmsg$nl_route.
r0 = socket$nl_route(0x10, 0x3, 0x0)
# First DRM device handle: a single dumb-buffer creation request.
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000001c0)={0x8, 0x5, 0x18})
# Generic netlink / nl80211 request. None of these functions appear in the call trace below.
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r2, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r3, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x77c65a7a60148f22)
# Looks up the ifindex of bridge_slave_1; r4/r5 presumably come from the lost markers (see note above).
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0})
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
# Second DRM device handle, used for the syncobj ioctls.
r7 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, &(0x7f0000000000)={0x0})
# Crashing call: the user-mode register dump in the log shows ORIG_RAX=0x10 (ioctl)
# with RSI=0xc01864cd, and the kernel trace runs drm_syncobj_timeline_signal_ioctl ->
# drm_syncobj_array_find -> __kmalloc_noprof -> __kmalloc_large_node_noprof -> page allocator.
# The third field, 0x40000175, is presumably the handle count that sizes that
# allocation (confirm against the ioctl's argument struct). A count this large
# would request far more than the page allocator serves, which is consistent with
# the WARNING at mm/page_alloc.c:5186 (RBX=0x15 may be the requested order; unverified).
# Impact as shown: the log ends in "panic_on_warn set", so on a kernel with
# panic_on_warn the warning becomes a panic that any process able to open the DRM
# node and issue this ioctl can trigger. The usual hardening is to bound the
# user-supplied count, or to allocate with __GFP_NOWARN / kvmalloc_array, so an
# oversized request fails with an error instead of warning.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r7, 0xc01864cd, &(0x7f00000003c0)={&(0x7f0000000400), 0x0, 0x40000175})
# NOTE(review): the logged warning is raised inside the ioctl above; whether the
# remaining calls are needed to reproduce it cannot be told from this page.
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r7, 0xc01064c1, &(0x7f00000002c0)={r8, 0x1, 0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r7, 0xc01064c2, &(0x7f0000000300)={0x0, 0x1, r9})
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r6, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r6, 0x84, 0x70, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @loopback}}, [0x6, 0x7, 0x346, 0x0, 0x2, 0x5, 0x80, 0x2c, 0x7f, 0x4, 0x3, 0x8, 0x6, 0x100, 0x6]}, &(0x7f0000000080)=0x100)
# RTM_NEWLINK on the interface index in r5, setting bridge-port attributes.
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x4c, 0x10, 0x409, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_UNICAST_FLOOD={0x5}, @IFLA_BRPORT_ISOLATED={0x5, 0x21, 0x1}]}}}]}, 0x4c}}, 0x0)
[ 128.906704][ T46] Bluetooth: hci0: 
command tx timeout [ 129.032259][ T5347] ------------[ cut here ]------------ [ 129.034831][ T5347] WARNING: mm/page_alloc.c:5186 at __alloc_frozen_pages_noprof+0x2c8/0x370, CPU#0: syz.0.0/5347 [ 129.040462][ T5347] Modules linked in: [ 129.042354][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 129.046850][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.051274][ T5347] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 129.053685][ T5347] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 b3 58 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 129.061992][ T5347] RSP: 0018:ffffc9000c11f940 EFLAGS: 00010246 [ 129.064511][ T5347] RAX: ffffc9000c11f900 RBX: 0000000000000015 RCX: 0000000000000000 [ 129.067953][ T5347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000c11f9a8 [ 129.071245][ T5347] RBP: ffffc9000c11fa40 R08: ffffc9000c11f9a7 R09: 0000000000000000 [ 129.074227][ T5347] R10: ffffc9000c11f980 R11: fffff52001823f35 R12: 0000000000000000 [ 129.077349][ T5347] R13: 1ffff92001823f2c R14: 0000000000040cc0 R15: dffffc0000000000 [ 129.080649][ T5347] FS: 00007f1f955c76c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 129.084217][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.086826][ T5347] CR2: 00007f1f955c5fb8 CR3: 000000001f8e5000 CR4: 0000000000352ef0 [ 129.089827][ T5347] Call Trace: [ 129.091171][ T5347] [ 129.092308][ T5347] ? kasan_save_track+0x3e/0x80 [ 129.094070][ T5347] ? __kasan_slab_free+0x5c/0x80 [ 129.096558][ T5347] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 129.099429][ T5347] ? do_syscall_64+0xec/0xf80 [ 129.101499][ T5347] ? 
policy_nodemask+0x27c/0x720 [ 129.103694][ T5347] alloc_pages_mpol+0x232/0x4a0 [ 129.105928][ T5347] ___kmalloc_large_node+0x4e/0x150 [ 129.108534][ T5347] __kmalloc_large_node_noprof+0x18/0x90 [ 129.111194][ T5347] __kmalloc_noprof+0x4c9/0x800 [ 129.113372][ T5347] ? drm_syncobj_array_find+0x3a/0x450 [ 129.115880][ T5347] ? drm_dev_enter+0x49/0x150 [ 129.118035][ T5347] drm_syncobj_array_find+0x3a/0x450 [ 129.120418][ T5347] drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0 [ 129.123182][ T5347] ? drm_dev_exit+0x3a/0x60 [ 129.125228][ T5347] drm_ioctl_kernel+0x2cf/0x390 [ 129.127574][ T5347] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 129.130526][ T5347] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 129.132889][ T5347] drm_ioctl+0x67f/0xb10 [ 129.134717][ T5347] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 129.137802][ T5347] ? __pfx_drm_ioctl+0x10/0x10 [ 129.139924][ T5347] ? __fget_files+0x2a/0x420 [ 129.141916][ T5347] ? bpf_lsm_file_ioctl+0x9/0x20 [ 129.144036][ T5347] ? __pfx_drm_ioctl+0x10/0x10 [ 129.146571][ T5347] __se_sys_ioctl+0xfc/0x170 [ 129.148681][ T5347] do_syscall_64+0xec/0xf80 [ 129.151065][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.153745][ T5347] ? trace_irq_disable+0x37/0x100 [ 129.155734][ T5347] ? 
clear_bhb_loop+0x60/0xb0 [ 129.157457][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.159583][ T5347] RIP: 0033:0x7f1f9478f7c9 [ 129.161429][ T5347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.169498][ T5347] RSP: 002b:00007f1f955c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.172773][ T5347] RAX: ffffffffffffffda RBX: 00007f1f949e5fa0 RCX: 00007f1f9478f7c9 [ 129.175877][ T5347] RDX: 00002000000003c0 RSI: 00000000c01864cd RDI: 0000000000000009 [ 129.179037][ T5347] RBP: 00007f1f94813f91 R08: 0000000000000000 R09: 0000000000000000 [ 129.182131][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.185566][ T5347] R13: 00007f1f949e6038 R14: 00007f1f949e5fa0 R15: 00007fffd30d1698 [ 129.188991][ T5347] [ 129.190472][ T5347] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 129.193570][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 129.197445][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 129.202113][ T5347] Call Trace: [ 129.203626][ T5347] [ 129.204905][ T5347] vpanic+0x1e0/0x670 [ 129.206601][ T5347] panic+0xb9/0xc0 [ 129.208218][ T5347] ? __pfx_panic+0x10/0x10 [ 129.210008][ T5347] __warn+0x317/0x4b0 [ 129.211375][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 129.213827][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 129.216454][ T5347] __report_bug+0x288/0x500 [ 129.218432][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 129.220975][ T5347] ? __pfx___report_bug+0x10/0x10 [ 129.223233][ T5347] ? is_bpf_text_address+0x292/0x2b0 [ 129.225565][ T5347] ? is_bpf_text_address+0x26/0x2b0 [ 129.227850][ T5347] ? kernel_text_address+0xa5/0xe0 [ 129.230023][ T5347] ? __kernel_text_address+0xd/0x40 [ 129.232207][ T5347] ? 
unwind_get_return_address+0x4d/0x90 [ 129.234660][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 129.237197][ T5347] report_bug+0x16a/0x220 [ 129.238998][ T5347] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 129.241541][ T5347] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 129.244163][ T5347] handle_bug+0x98/0x200 [ 129.246076][ T5347] exc_invalid_op+0x1a/0x50 [ 129.248109][ T5347] asm_exc_invalid_op+0x1a/0x20 [ 129.250240][ T5347] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 129.253109][ T5347] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 ad 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 b3 58 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 129.261320][ T5347] RSP: 0018:ffffc9000c11f940 EFLAGS: 00010246 [ 129.264034][ T5347] RAX: ffffc9000c11f900 RBX: 0000000000000015 RCX: 0000000000000000 [ 129.267621][ T5347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000c11f9a8 [ 129.271137][ T5347] RBP: ffffc9000c11fa40 R08: ffffc9000c11f9a7 R09: 0000000000000000 [ 129.274773][ T5347] R10: ffffc9000c11f980 R11: fffff52001823f35 R12: 0000000000000000 [ 129.278161][ T5347] R13: 1ffff92001823f2c R14: 0000000000040cc0 R15: dffffc0000000000 [ 129.281341][ T5347] ? kasan_save_track+0x3e/0x80 [ 129.283122][ T5347] ? __kasan_slab_free+0x5c/0x80 [ 129.284964][ T5347] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 129.287771][ T5347] ? do_syscall_64+0xec/0xf80 [ 129.289817][ T5347] ? policy_nodemask+0x27c/0x720 [ 129.292095][ T5347] alloc_pages_mpol+0x232/0x4a0 [ 129.294320][ T5347] ___kmalloc_large_node+0x4e/0x150 [ 129.296657][ T5347] __kmalloc_large_node_noprof+0x18/0x90 [ 129.299121][ T5347] __kmalloc_noprof+0x4c9/0x800 [ 129.301214][ T5347] ? drm_syncobj_array_find+0x3a/0x450 [ 129.303632][ T5347] ? drm_dev_enter+0x49/0x150 [ 129.305726][ T5347] drm_syncobj_array_find+0x3a/0x450 [ 129.308064][ T5347] drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0 [ 129.310886][ T5347] ? 
drm_dev_exit+0x3a/0x60 [ 129.312975][ T5347] drm_ioctl_kernel+0x2cf/0x390 [ 129.315220][ T5347] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 129.318144][ T5347] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 129.320431][ T5347] drm_ioctl+0x67f/0xb10 [ 129.322341][ T5347] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 129.325879][ T5347] ? __pfx_drm_ioctl+0x10/0x10 [ 129.328018][ T5347] ? __fget_files+0x2a/0x420 [ 129.330159][ T5347] ? bpf_lsm_file_ioctl+0x9/0x20 [ 129.332470][ T5347] ? __pfx_drm_ioctl+0x10/0x10 [ 129.334994][ T5347] __se_sys_ioctl+0xfc/0x170 [ 129.337505][ T5347] do_syscall_64+0xec/0xf80 [ 129.339712][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.342351][ T5347] ? trace_irq_disable+0x37/0x100 [ 129.344598][ T5347] ? clear_bhb_loop+0x60/0xb0 [ 129.346835][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.349865][ T5347] RIP: 0033:0x7f1f9478f7c9 [ 129.351709][ T5347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.359896][ T5347] RSP: 002b:00007f1f955c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.363541][ T5347] RAX: ffffffffffffffda RBX: 00007f1f949e5fa0 RCX: 00007f1f9478f7c9 [ 129.366806][ T5347] RDX: 00002000000003c0 RSI: 00000000c01864cd RDI: 0000000000000009 [ 129.370275][ T5347] RBP: 00007f1f94813f91 R08: 0000000000000000 R09: 0000000000000000 [ 129.374030][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.377635][ T5347] R13: 00007f1f949e6038 R14: 00007f1f949e5fa0 R15: 00007fffd30d1698 [ 129.380579][ T5347] [ 129.382190][ T5347] Kernel Offset: disabled [ 129.384138][ T5347] Rebooting in 86400 seconds..