program:
# Fuzzer-generated reproducer in syzkaller program syntax, shown one call per line,
# followed by the guest console log. Only the DRM syncobj calls appear in the kernel
# stack trace below; nothing visible ties the other calls to the crash.
# NOTE(review): r1, r3 and r5 are used below but never bound in this text. The result
# annotations on timer_create, SYNCOBJ_CREATE and SIOCGIFINDEX look lost in
# extraction. Confirm against the original report before replaying.
r0 = gettid()
# Timer aimed at this thread (@tid=r0). Both itimerspec members are {0x0, 0x989680},
# i.e. 10 ms if the second field is nanoseconds. Presumably there to interrupt syscalls.
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0)
timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
# r2 is the DRM device fd reused by every DRM ioctl in this program.
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0)
# Presumably creates the sync object whose handle is later referenced as r3 (binding not visible).
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000240)={0x0})
# Packet-socket setup on interface 'ip6gretap0'; not present in the crash trace.
r4 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000005c0)={'ip6gretap0\x00', 0x0})
bind$packet(r4, &(0x7f0000000180)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
# fd argument is 0xffffffffffffffff (-1), so this call is expected to fail.
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r6 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0)
# Same one-entry handle array ([r3]) as the call below, here with a third member of 0x1.
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r2, 0xc02864c3, &(0x7f0000000400)={&(0x7f00000001c0)=[r3], 0x800000000000002, 0x1, 0xb})
# Crash trigger per the log: the faulting syscall has RSI 00000000c01864cd (this request
# code) and the stack runs drm_syncobj_timeline_signal_ioctl -> drm_syncobj_array_find ->
# __kmalloc_noprof -> __alloc_frozen_pages_noprof, which hits the WARNING at
# mm/page_alloc.c:5202.
# The handle array holds a single entry while the third struct member is 0x400001fb.
# Presumably that member is the user-supplied handle count and sizes the kmalloc without
# an upper bound. Verify against the DRM syncobj source. RBX=0x15 at the WARN would fit
# a page order of 21 for such a request (inferred, not shown by the log).
# Triage: the log reports "panic_on_warn set", so the panic follows from that setting.
# The usual hardening is to bound the count or use a no-warn allocation path.
# TODO confirm whether a fix is already upstream.
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000000)={&(0x7f0000000100)=[r3], 0x0, 0x400001fb})
# Remaining calls (vhost-vsock, CAN J1939, vhci, GETRESOURCES) are not in the crash trace.
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000080)=0x1c)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$can_j1939(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)="afc500147ef01b38f9a535a4631d53727d4f7f304c83f5f3ff34bca138f9d0713ca0c81696f039c022048b0a7760faf36fb9d93ad761ab2b806ae6b8f7a1dbbc03de727c52ec34ee75c0e3184091396ec913d578190db7b21323108f368e31969374ec", 0x63}, 0x1, 0x0, 0x0, 0x4040}, 0x2)
syz_emit_vhci(&(0x7f0000000800)=ANY=[], 0x20b)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000440)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4, 0x5, 0x1, 0xa})
[ 85.656004][ T5288] Bluetooth: hci0: command tx timeout [ 85.914361][ T5326] ------------[ cut here ]------------ [ 85.916951][ T5326] 1 [ 85.916961][ T5326] WARNING: mm/page_alloc.c:5202 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5326 [ 85.922780][ T5326] Modules linked in: [ 85.924561][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.928449][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.932820][ T5326] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 85.935658][ T5326] Code: 74 10 4c 89 e7 89 54 24 0c e8 eb db 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 88 1c f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 85.944396][ T5326] RSP: 0018:ffffc9000e3bf920 EFLAGS: 00010246 [ 85.947280][ T5326] RAX: ffffc9000e3bf900 RBX: 0000000000000015 RCX: 0000000000000000 [ 85.950868][ T5326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e3bf988 [ 85.954502][ T5326] RBP: ffffc9000e3bfa20 R08: ffffc9000e3bf987 R09: 0000000000000000 [ 85.959219][ T5326] R10: ffffc9000e3bf960 R11: fffff52001c77f31 R12: 0000000000000000 [ 85.963075][ T5326] R13: 1ffff92001c77f28 R14: 0000000000040cc0 R15: dffffc0000000000 [ 85.966650][ T5326] FS: 00007f3174d146c0(0000) GS:ffff88808c87f000(0000) knlGS:0000000000000000 [ 85.970720][ 
T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.973556][ T5326] CR2: 00007f3174d13ff8 CR3: 000000003479f000 CR4: 0000000000352ef0 [ 85.977251][ T5326] Call Trace: [ 85.978813][ T5326] [ 85.980150][ T5326] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.982933][ T5326] ? __pfx_policy_nodemask+0x10/0x10 [ 85.985417][ T5326] alloc_pages_mpol+0x235/0x490 [ 85.987757][ T5326] ___kmalloc_large_node+0x4e/0x120 [ 85.990092][ T5326] __kmalloc_large_node_noprof+0x18/0x90 [ 85.992577][ T5326] __kmalloc_noprof+0x3e8/0x760 [ 85.994726][ T5326] ? drm_syncobj_array_find+0x3a/0x440 [ 85.997344][ T5326] ? drm_dev_enter+0x49/0x150 [ 85.999596][ T5326] drm_syncobj_array_find+0x3a/0x440 [ 86.002046][ T5326] drm_syncobj_timeline_signal_ioctl+0x165/0x8a0 [ 86.004926][ T5326] ? drm_dev_exit+0x3a/0x60 [ 86.006962][ T5326] drm_ioctl_kernel+0x2df/0x3b0 [ 86.009006][ T5326] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 86.011942][ T5326] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 86.014205][ T5326] drm_ioctl+0x6ba/0xb80 [ 86.016102][ T5326] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 86.019341][ T5326] ? __pfx_drm_ioctl+0x10/0x10 [ 86.021467][ T5326] ? __fget_files+0x2a/0x420 [ 86.023449][ T5326] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.025779][ T5326] ? __pfx_drm_ioctl+0x10/0x10 [ 86.028086][ T5326] __se_sys_ioctl+0xfc/0x170 [ 86.030178][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.032860][ T5326] do_syscall_64+0x15f/0xf80 [ 86.034932][ T5326] ? trace_irq_disable+0x3b/0x140 [ 86.037334][ T5326] ? 
clear_bhb_loop+0x40/0x90 [ 86.039570][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.042201][ T5326] RIP: 0033:0x7f3173d9ce59 [ 86.044243][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.053000][ T5326] RSP: 002b:00007f3174d13fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.056897][ T5326] RAX: ffffffffffffffda RBX: 00007f3174016090 RCX: 00007f3173d9ce59 [ 86.060678][ T5326] RDX: 0000200000000000 RSI: 00000000c01864cd RDI: 0000000000000003 [ 86.064118][ T5326] RBP: 00007f3173e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 86.067974][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.071351][ T5326] R13: 00007f3174016128 R14: 00007f3174016090 R15: 00007ffe576e4408 [ 86.074564][ T5326] [ 86.075862][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 86.078898][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.082644][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.087120][ T5326] Call Trace: [ 86.088659][ T5326] [ 86.090065][ T5326] vpanic+0x56c/0xa60 [ 86.091913][ T5326] ? __pfx__printk+0x10/0x10 [ 86.094103][ T5326] ? __pfx_vpanic+0x10/0x10 [ 86.096141][ T5326] ? is_bpf_text_address+0x292/0x2b0 [ 86.098517][ T5326] ? is_bpf_text_address+0x26/0x2b0 [ 86.100757][ T5326] panic+0xc5/0xd0 [ 86.102488][ T5326] ? __pfx_panic+0x10/0x10 [ 86.104545][ T5326] __warn+0x315/0x4c0 [ 86.106390][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 86.109111][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 86.111858][ T5326] __report_bug+0x29a/0x540 [ 86.113931][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 86.116546][ T5326] ? __pfx___report_bug+0x10/0x10 [ 86.118808][ T5326] ? is_bpf_text_address+0x292/0x2b0 [ 86.121152][ T5326] ? 
is_bpf_text_address+0x26/0x2b0 [ 86.123433][ T5326] ? kernel_text_address+0xa5/0xe0 [ 86.125724][ T5326] ? __kernel_text_address+0xd/0x30 [ 86.127919][ T5326] ? unwind_get_return_address+0x4d/0x90 [ 86.130328][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 86.133025][ T5326] report_bug+0x16a/0x220 [ 86.134868][ T5326] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 86.137492][ T5326] ? __alloc_frozen_pages_noprof+0x2d3/0x380 [ 86.140203][ T5326] handle_bug+0x9c/0x200 [ 86.142158][ T5326] exc_invalid_op+0x1a/0x50 [ 86.144263][ T5326] asm_exc_invalid_op+0x1a/0x20 [ 86.146456][ T5326] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 86.149439][ T5326] Code: 74 10 4c 89 e7 89 54 24 0c e8 eb db 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 88 1c f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 86.158009][ T5326] RSP: 0018:ffffc9000e3bf920 EFLAGS: 00010246 [ 86.160760][ T5326] RAX: ffffc9000e3bf900 RBX: 0000000000000015 RCX: 0000000000000000 [ 86.164227][ T5326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e3bf988 [ 86.167689][ T5326] RBP: ffffc9000e3bfa20 R08: ffffc9000e3bf987 R09: 0000000000000000 [ 86.171268][ T5326] R10: ffffc9000e3bf960 R11: fffff52001c77f31 R12: 0000000000000000 [ 86.174895][ T5326] R13: 1ffff92001c77f28 R14: 0000000000040cc0 R15: dffffc0000000000 [ 86.178506][ T5326] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 86.181422][ T5326] ? __pfx_policy_nodemask+0x10/0x10 [ 86.183783][ T5326] alloc_pages_mpol+0x235/0x490 [ 86.186019][ T5326] ___kmalloc_large_node+0x4e/0x120 [ 86.188289][ T5326] __kmalloc_large_node_noprof+0x18/0x90 [ 86.190806][ T5326] __kmalloc_noprof+0x3e8/0x760 [ 86.193066][ T5326] ? drm_syncobj_array_find+0x3a/0x440 [ 86.195456][ T5326] ? drm_dev_enter+0x49/0x150 [ 86.197550][ T5326] drm_syncobj_array_find+0x3a/0x440 [ 86.199876][ T5326] drm_syncobj_timeline_signal_ioctl+0x165/0x8a0 [ 86.202588][ T5326] ? 
drm_dev_exit+0x3a/0x60 [ 86.204506][ T5326] drm_ioctl_kernel+0x2df/0x3b0 [ 86.206538][ T5326] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 86.209370][ T5326] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 86.211592][ T5326] drm_ioctl+0x6ba/0xb80 [ 86.213395][ T5326] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 86.216194][ T5326] ? __pfx_drm_ioctl+0x10/0x10 [ 86.218296][ T5326] ? __fget_files+0x2a/0x420 [ 86.220305][ T5326] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.222538][ T5326] ? __pfx_drm_ioctl+0x10/0x10 [ 86.224674][ T5326] __se_sys_ioctl+0xfc/0x170 [ 86.226632][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.229395][ T5326] do_syscall_64+0x15f/0xf80 [ 86.231525][ T5326] ? trace_irq_disable+0x3b/0x140 [ 86.233814][ T5326] ? clear_bhb_loop+0x40/0x90 [ 86.235872][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.238497][ T5326] RIP: 0033:0x7f3173d9ce59 [ 86.240517][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.249032][ T5326] RSP: 002b:00007f3174d13fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.252754][ T5326] RAX: ffffffffffffffda RBX: 00007f3174016090 RCX: 00007f3173d9ce59 [ 86.255950][ T5326] RDX: 0000200000000000 RSI: 00000000c01864cd RDI: 0000000000000003 [ 86.259265][ T5326] RBP: 00007f3173e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 86.262581][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.265775][ T5326] R13: 00007f3174016128 R14: 00007f3174016090 R15: 00007ffe576e4408 [ 86.269148][ T5326] [ 86.270980][ T5326] Kernel Offset: disabled [ 86.272949][ T5326] Rebooting in 86400 seconds..