program:
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r0=>0x0})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newlink={0x84, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x6a}}, @IFLA_VLAN_QOS_MAPPING={0xc}]}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_PHYS_SWITCH_ID={0x23, 0x24, "01b7b9b2754685f994d4bb6842ce1688ac756df663e5140ce7e5dc33af63d9"}]}, 0x84}, 0x1, 0xba01}, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f0000000000)={<r5=>0x0})
r6 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000b00)=ANY=[@ANYBLOB="1201000000000008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(r6, &(0x7f0000000040)={0x2c, &(0x7f00000012c0)=ANY=[@ANYBLOB="400305"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r7 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x41)
ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000140)={0x0, 0xee, 0x6, &(0x7f0000000080)={0x0, "6697a211dbad4b04a1a9f9d83a419eda7b149df035af0ab8bb258b0a9435b2e3ca"}})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r4, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080), &(0x7f0000000140)=[0x80], 0xd14d2fb6a35638f8})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r4, 0xc02064cc, &(0x7f0000000400)={r5, r5, 0xa, 0x6, 0x2})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={<r8=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000000c0))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000100)={<r9=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={<r10=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000180)={<r11=>0x0})
r12 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_ABS_SETUP(r12, 0x401c5504, &(0x7f0000000100)={0x0, {0x0, 0x0, 0x0, 0x0, 0x48e}})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0)={<r13=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000200)={<r14=>0x0})
r15 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r15, 0xc00864bf, &(0x7f0000000000)={<r16=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r15, 0xc03064ca, &(0x7f00000000c0)={&(0x7f0000000040)=[r16], 0xfffffffffffffffe, 0xfffffffffffeffff, 0x1, 0xb})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r4, 0xc01064c5, &(0x7f0000000300)={&(0x7f0000000280)=[r0, r5, r8, r14, r9, r10, r11, r13, r14, r16], 0xa})
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
r17 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r17, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_names='veth1_virt_wifi\x00'})

[   75.186593][ T5298] Bluetooth: hci0: command tx timeout
[   75.519034][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.669088][    T9] usb 5-1: Using ep0 maxpacket: 8
[   75.674281][    T9] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.679126][    T9] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[   75.683736][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[   75.686980][    T9] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   75.692107][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.705397][    T9] usb 5-1: config 0 descriptor??
[   76.136500][    T9] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   76.140476][    T9] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   76.143572][    T9] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   76.146938][    T9] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   76.150914][    T9] mcp2221 0003:04D8:00DD.0002: unknown main item tag 0x0
[   76.157554][    T9] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[   76.335364][ T5318] ------------[ cut here ]------------
[   76.337696][ T5318] WARNING: CPU: 0 PID: 5318 at mm/page_alloc.c:5159 __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.342291][ T5318] Modules linked in:
[   76.344057][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.347845][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.353135][ T5318] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   76.355984][ T5318] Code: 74 10 4c 89 e7 89 54 24 0c e8 14 bd 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 01 77 4d 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   76.364283][ T5318] RSP: 0018:ffffc9000d52f920 EFLAGS: 00010246
[   76.366862][ T5318] RAX: ffffc9000d52f900 RBX: 0000000000000016 RCX: 0000000000000000
[   76.370698][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d52f988
[   76.373959][ T5318] RBP: ffffc9000d52fa10 R08: ffffc9000d52f987 R09: 0000000000000000
[   76.377202][ T5318] R10: ffffc9000d52f960 R11: fffff52001aa5f31 R12: 0000000000000000
[   76.380605][ T5318] R13: 1ffff92001aa5f28 R14: 0000000000040cc0 R15: dffffc0000000000
[   76.383908][ T5318] FS:  00007faa5b0226c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[   76.387675][ T5318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.390529][ T5318] CR2: 000055c9f0f920c0 CR3: 0000000042c8e000 CR4: 0000000000352ef0
[   76.393751][ T5318] Call Trace:
[   76.395119][ T5318]  <TASK>
[   76.396407][ T5318]  ? kasan_save_track+0x3e/0x80
[   76.398420][ T5318]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   76.401068][ T5318]  ? security_file_ioctl+0xcb/0x2d0
[   76.403287][ T5318]  alloc_pages_mpol+0x232/0x4a0
[   76.405338][ T5318]  ___kmalloc_large_node+0x5f/0x1b0
[   76.407499][ T5318]  __kmalloc_large_node_noprof+0x18/0x90
[   76.409965][ T5318]  __kmalloc_noprof+0x4bd/0x7f0
[   76.411941][ T5318]  ? drm_syncobj_array_find+0x3a/0x450
[   76.414239][ T5318]  drm_syncobj_array_find+0x3a/0x450
[   76.416473][ T5318]  drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0
[   76.419218][ T5318]  ? drm_dev_exit+0x3a/0x60
[   76.421105][ T5318]  drm_ioctl_kernel+0x2cf/0x390
[   76.423208][ T5318]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   76.426064][ T5318]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   76.428340][ T5318]  drm_ioctl+0x67f/0xb10
[   76.430251][ T5318]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   76.433048][ T5318]  ? __pfx_drm_ioctl+0x10/0x10
[   76.435110][ T5318]  ? __fget_files+0x3a0/0x420
[   76.437077][ T5318]  ? __fget_files+0x2a/0x420
[   76.439231][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.441345][ T5318]  ? __pfx_drm_ioctl+0x10/0x10
[   76.443436][ T5318]  __se_sys_ioctl+0xfc/0x170
[   76.445430][ T5318]  do_syscall_64+0xfa/0xfa0
[   76.447391][ T5318]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.449581][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.452042][ T5318]  ? clear_bhb_loop+0x60/0xb0
[   76.454011][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.456472][ T5318] RIP: 0033:0x7faa5a18f6c9
[   76.458395][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.466782][ T5318] RSP: 002b:00007faa5b022038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.470755][ T5318] RAX: ffffffffffffffda RBX: 00007faa5a3e5fa0 RCX: 00007faa5a18f6c9
[   76.473986][ T5318] RDX: 0000200000000180 RSI: 00000000c01864cd RDI: 0000000000000005
[   76.477007][ T5318] RBP: 00007faa5a211f91 R08: 0000000000000000 R09: 0000000000000000
[   76.480218][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.483203][ T5318] R13: 00007faa5a3e6038 R14: 00007faa5a3e5fa0 R15: 00007fffc6a534f8
[   76.486266][ T5318]  </TASK>
[   76.487473][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   76.490450][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.494039][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.498418][ T5318] Call Trace:
[   76.499832][ T5318]  <TASK>
[   76.501095][ T5318]  dump_stack_lvl+0x99/0x250
[   76.503123][ T5318]  ? __asan_memcpy+0x40/0x70
[   76.505118][ T5318]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.507346][ T5318]  ? __pfx__printk+0x10/0x10
[   76.509338][ T5318]  vpanic+0x237/0x6d0
[   76.511062][ T5318]  ? __pfx_vpanic+0x10/0x10
[   76.513000][ T5318]  panic+0xb9/0xc0
[   76.514693][ T5318]  ? __pfx_panic+0x10/0x10
[   76.516666][ T5318]  __warn+0x31b/0x4b0
[   76.518380][ T5318]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.520855][ T5318]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.523349][ T5318]  report_bug+0x2be/0x4f0
[   76.525224][ T5318]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.527788][ T5318]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   76.530340][ T5318]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   76.532853][ T5318]  handle_bug+0x84/0x160
[   76.534789][ T5318]  exc_invalid_op+0x1a/0x50
[   76.536736][ T5318]  asm_exc_invalid_op+0x1a/0x20
[   76.538805][ T5318] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   76.541545][ T5318] Code: 74 10 4c 89 e7 89 54 24 0c e8 14 bd 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 01 77 4d 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   76.549598][ T5318] RSP: 0018:ffffc9000d52f920 EFLAGS: 00010246
[   76.552160][ T5318] RAX: ffffc9000d52f900 RBX: 0000000000000016 RCX: 0000000000000000
[   76.555544][ T5318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d52f988
[   76.558883][ T5318] RBP: ffffc9000d52fa10 R08: ffffc9000d52f987 R09: 0000000000000000
[   76.562037][ T5318] R10: ffffc9000d52f960 R11: fffff52001aa5f31 R12: 0000000000000000
[   76.565310][ T5318] R13: 1ffff92001aa5f28 R14: 0000000000040cc0 R15: dffffc0000000000
[   76.568650][ T5318]  ? kasan_save_track+0x3e/0x80
[   76.570707][ T5318]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   76.573281][ T5318]  ? security_file_ioctl+0xcb/0x2d0
[   76.575483][ T5318]  alloc_pages_mpol+0x232/0x4a0
[   76.577580][ T5318]  ___kmalloc_large_node+0x5f/0x1b0
[   76.579709][ T5318]  __kmalloc_large_node_noprof+0x18/0x90
[   76.582168][ T5318]  __kmalloc_noprof+0x4bd/0x7f0
[   76.584311][ T5318]  ? drm_syncobj_array_find+0x3a/0x450
[   76.586629][ T5318]  drm_syncobj_array_find+0x3a/0x450
[   76.588741][ T5318]  drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0
[   76.591235][ T5318]  ? drm_dev_exit+0x3a/0x60
[   76.593043][ T5318]  drm_ioctl_kernel+0x2cf/0x390
[   76.595175][ T5318]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   76.598052][ T5318]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   76.600315][ T5318]  drm_ioctl+0x67f/0xb10
[   76.602149][ T5318]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   76.605063][ T5318]  ? __pfx_drm_ioctl+0x10/0x10
[   76.607076][ T5318]  ? __fget_files+0x3a0/0x420
[   76.609034][ T5318]  ? __fget_files+0x2a/0x420
[   76.611011][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.613100][ T5318]  ? __pfx_drm_ioctl+0x10/0x10
[   76.615164][ T5318]  __se_sys_ioctl+0xfc/0x170
[   76.617099][ T5318]  do_syscall_64+0xfa/0xfa0
[   76.619095][ T5318]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.621318][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.623909][ T5318]  ? clear_bhb_loop+0x60/0xb0
[   76.625936][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.628484][ T5318] RIP: 0033:0x7faa5a18f6c9
[   76.630395][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.638444][ T5318] RSP: 002b:00007faa5b022038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.641980][ T5318] RAX: ffffffffffffffda RBX: 00007faa5a3e5fa0 RCX: 00007faa5a18f6c9
[   76.645603][ T5318] RDX: 0000200000000180 RSI: 00000000c01864cd RDI: 0000000000000005
[   76.648903][ T5318] RBP: 00007faa5a211f91 R08: 0000000000000000 R09: 0000000000000000
[   76.652538][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.656109][ T5318] R13: 00007faa5a3e6038 R14: 00007faa5a3e5fa0 R15: 00007fffc6a534f8
[   76.659690][ T5318]  </TASK>
[   76.661437][ T5318] Kernel Offset: disabled
[   76.663785][ T5318] Rebooting in 86400 seconds..