program:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e1e, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002840)={0x44, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x1c, 0x33, @data_frame={@msdu=@type10={{}, {}, @from_mac, @device_b, @broadcast}}}]}, 0x44}}, 0x0)
sendmmsg$inet(r1, &(0x7f0000000440)=[{{&(0x7f0000000140)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}], 0x1, 0x44008004)
r5 = socket(0x11, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r7=>0x0})
bind$packet(r5, &(0x7f0000000180)={0x11, 0x0, r7}, 0x14)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4)
sendmsg$netlink(r5, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="020114008cdc18000e3580009f000114600000060600ac141414e0000003808a8972bd0b72e4a139697dd2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0ab42e32a097dbd4be5ffca88faca"], 0xdd12}, {&(0x7f0000000440)=ANY=[], 0x10}], 0x2}, 0x20040051)
write$binfmt_misc(r1, &(0x7f0000000300), 0xfdef)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000000c0)={<r8=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r0, 0xc03064ca, &(0x7f0000000480)={&(0x7f0000000040)=[r8, r8, r8], 0x0, 0xfffffffffffffaef, 0x3ffffffffffffe33, 0x3})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r0, 0xc00864c0, &(0x7f0000000140)={r8})

[  118.552101][ T5334] ------------[ cut here ]------------
[  118.554627][ T5334] 1
[  118.554639][ T5334] WARNING: mm/page_alloc.c:5202 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5334
[  118.562607][ T5334] Modules linked in:
[  118.573697][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  118.577829][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  118.582235][ T5334] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[  118.585328][ T5334] Code: 74 10 4c 89 e7 89 54 24 0c e8 fb db 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 8b 22 f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  118.594002][ T5334] RSP: 0018:ffffc9000ccdf8a0 EFLAGS: 00010246
[  118.596635][ T5334] RAX: ffffc9000ccdf800 RBX: 0000000000000016 RCX: 0000000000000000
[  118.600097][ T5334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000ccdf908
[  118.603838][ T5334] RBP: ffffc9000ccdf990 R08: ffffc9000ccdf907 R09: 0000000000000000
[  118.607348][ T5334] R10: ffffc9000ccdf8e0 R11: fffff5200199bf21 R12: 0000000000000000
[  118.610843][ T5334] R13: 1ffff9200199bf18 R14: 0000000000040cc0 R15: dffffc0000000000
[  118.614634][ T5334] FS:  00007f0214e7e6c0(0000) GS:ffff88808c87e000(0000) knlGS:0000000000000000
[  118.619113][ T5334] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.622254][ T5334] CR2: 0000200000010000 CR3: 0000000038d02000 CR4: 0000000000352ef0
[  118.625886][ T5334] Call Trace:
[  118.627763][ T5334]  <TASK>
[  118.629035][ T5334]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  118.632041][ T5334]  ? __pfx_policy_nodemask+0x10/0x10
[  118.634464][ T5334]  ? kasan_save_track+0x4f/0x80
[  118.636573][ T5334]  ? kasan_save_track+0x3e/0x80
[  118.638667][ T5334]  ? kasan_save_free_info+0x46/0x50
[  118.641010][ T5334]  ? kfree+0x1c5/0x640
[  118.642898][ T5334]  ? tomoyo_path_number_perm+0x501/0x630
[  118.645606][ T5334]  ? security_file_ioctl+0xc3/0x2a0
[  118.647885][ T5334]  ? __se_sys_ioctl+0x47/0x170
[  118.650099][ T5334]  alloc_pages_mpol+0x235/0x490
[  118.652415][ T5334]  ___kmalloc_large_node+0x4e/0x120
[  118.654872][ T5334]  __kmalloc_large_node_noprof+0x18/0x90
[  118.657403][ T5334]  __kmalloc_noprof+0x3e8/0x760
[  118.659549][ T5334]  ? drm_syncobj_array_find+0x3a/0x440
[  118.661935][ T5334]  drm_syncobj_array_find+0x3a/0x440
[  118.664346][ T5334]  drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0
[  118.666976][ T5334]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[  118.670066][ T5334]  drm_ioctl_kernel+0x2df/0x3b0
[  118.672176][ T5334]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[  118.675088][ T5334]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  118.677393][ T5334]  drm_ioctl+0x6ba/0xb80
[  118.679235][ T5334]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[  118.682273][ T5334]  ? __pfx_drm_ioctl+0x10/0x10
[  118.684521][ T5334]  ? __fget_files+0x2a/0x420
[  118.686575][ T5334]  ? bpf_lsm_file_ioctl+0x9/0x20
[  118.688677][ T5334]  ? __pfx_drm_ioctl+0x10/0x10
[  118.690825][ T5334]  __se_sys_ioctl+0xfc/0x170
[  118.692922][ T5334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.695756][ T5334]  do_syscall_64+0x15f/0xf80
[  118.697868][ T5334]  ? clear_bhb_loop+0x40/0x90
[  118.699880][ T5334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.702432][ T5334] RIP: 0033:0x7f0213f9ce59
[  118.704584][ T5334] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  118.712993][ T5334] RSP: 002b:00007f0214e7dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  118.716698][ T5334] RAX: ffffffffffffffda RBX: 00007f0214215fa0 RCX: 00007f0213f9ce59
[  118.720128][ T5334] RDX: 0000200000000480 RSI: 00000000c03064ca RDI: 0000000000000003
[  118.723812][ T5334] RBP: 00007f0214032d6f R08: 0000000000000000 R09: 0000000000000000
[  118.727400][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.731247][ T5334] R13: 00007f0214216038 R14: 00007f0214215fa0 R15: 00007fff7faa7948
[  118.735123][ T5334]  </TASK>
[  118.736749][ T5334] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  118.739980][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  118.744142][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  118.748640][ T5334] Call Trace:
[  118.750156][ T5334]  <TASK>
[  118.751606][ T5334]  vpanic+0x56c/0xa60
[  118.753518][ T5334]  ? __pfx__printk+0x10/0x10
[  118.755670][ T5334]  ? __pfx_vpanic+0x10/0x10
[  118.757752][ T5334]  ? is_bpf_text_address+0x292/0x2b0
[  118.760063][ T5334]  ? is_bpf_text_address+0x26/0x2b0
[  118.762159][ T5334]  panic+0xc5/0xd0
[  118.763915][ T5334]  ? __pfx_panic+0x10/0x10
[  118.765960][ T5334]  __warn+0x315/0x4c0
[  118.767688][ T5334]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  118.770111][ T5334]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  118.772697][ T5334]  __report_bug+0x29a/0x540
[  118.774776][ T5334]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  118.777496][ T5334]  ? __pfx___report_bug+0x10/0x10
[  118.779685][ T5334]  ? is_bpf_text_address+0x26/0x2b0
[  118.781966][ T5334]  ? is_bpf_text_address+0x292/0x2b0
[  118.784284][ T5334]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  118.786919][ T5334]  report_bug+0x16a/0x220
[  118.788930][ T5334]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  118.791600][ T5334]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[  118.794467][ T5334]  handle_bug+0x9c/0x200
[  118.796623][ T5334]  exc_invalid_op+0x1a/0x50
[  118.798627][ T5334]  asm_exc_invalid_op+0x1a/0x20
[  118.800632][ T5334] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[  118.803237][ T5334] Code: 74 10 4c 89 e7 89 54 24 0c e8 fb db 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 8b 22 f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  118.810945][ T5334] RSP: 0018:ffffc9000ccdf8a0 EFLAGS: 00010246
[  118.814059][ T5334] RAX: ffffc9000ccdf800 RBX: 0000000000000016 RCX: 0000000000000000
[  118.817523][ T5334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000ccdf908
[  118.820842][ T5334] RBP: ffffc9000ccdf990 R08: ffffc9000ccdf907 R09: 0000000000000000
[  118.824116][ T5334] R10: ffffc9000ccdf8e0 R11: fffff5200199bf21 R12: 0000000000000000
[  118.827405][ T5334] R13: 1ffff9200199bf18 R14: 0000000000040cc0 R15: dffffc0000000000
[  118.830679][ T5334]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  118.833385][ T5334]  ? __pfx_policy_nodemask+0x10/0x10
[  118.835617][ T5334]  ? kasan_save_track+0x4f/0x80
[  118.837810][ T5334]  ? kasan_save_track+0x3e/0x80
[  118.840021][ T5334]  ? kasan_save_free_info+0x46/0x50
[  118.842448][ T5334]  ? kfree+0x1c5/0x640
[  118.844364][ T5334]  ? tomoyo_path_number_perm+0x501/0x630
[  118.846893][ T5334]  ? security_file_ioctl+0xc3/0x2a0
[  118.849258][ T5334]  ? __se_sys_ioctl+0x47/0x170
[  118.851545][ T5334]  alloc_pages_mpol+0x235/0x490
[  118.853805][ T5334]  ___kmalloc_large_node+0x4e/0x120
[  118.856195][ T5334]  __kmalloc_large_node_noprof+0x18/0x90
[  118.858762][ T5334]  __kmalloc_noprof+0x3e8/0x760
[  118.861022][ T5334]  ? drm_syncobj_array_find+0x3a/0x440
[  118.863571][ T5334]  drm_syncobj_array_find+0x3a/0x440
[  118.865966][ T5334]  drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0
[  118.868737][ T5334]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[  118.871755][ T5334]  drm_ioctl_kernel+0x2df/0x3b0
[  118.873985][ T5334]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[  118.877034][ T5334]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  118.879489][ T5334]  drm_ioctl+0x6ba/0xb80
[  118.881519][ T5334]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[  118.884501][ T5334]  ? __pfx_drm_ioctl+0x10/0x10
[  118.886661][ T5334]  ? __fget_files+0x2a/0x420
[  118.888672][ T5334]  ? bpf_lsm_file_ioctl+0x9/0x20
[  118.890840][ T5334]  ? __pfx_drm_ioctl+0x10/0x10
[  118.892845][ T5334]  __se_sys_ioctl+0xfc/0x170
[  118.894764][ T5334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.897299][ T5334]  do_syscall_64+0x15f/0xf80
[  118.899291][ T5334]  ? clear_bhb_loop+0x40/0x90
[  118.901394][ T5334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.904050][ T5334] RIP: 0033:0x7f0213f9ce59
[  118.906071][ T5334] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  118.914725][ T5334] RSP: 002b:00007f0214e7dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  118.918350][ T5334] RAX: ffffffffffffffda RBX: 00007f0214215fa0 RCX: 00007f0213f9ce59
[  118.921890][ T5334] RDX: 0000200000000480 RSI: 00000000c03064ca RDI: 0000000000000003
[  118.925426][ T5334] RBP: 00007f0214032d6f R08: 0000000000000000 R09: 0000000000000000
[  118.929080][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.932713][ T5334] R13: 00007f0214216038 R14: 00007f0214215fa0 R15: 00007fff7faa7948
[  118.936297][ T5334]  </TASK>
[  118.938120][ T5334] Kernel Offset: disabled
[  118.940067][ T5334] Rebooting in 86400 seconds..