program:
r0 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000000)={<r1=>0x0})
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00008d7000/0x1000)=nil, 0x1000, 0x4)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xd0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x90014, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a3, 0x2, @perf_config_ext={0xc19e, 0x8}, 0x0, 0x3, 0xffffffff, 0x0, 0x6, 0x87c, 0x81, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x0)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000100)=""/64, 0x40}], 0x5)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000080)={&(0x7f0000000040)=[r1, r1, r1, r1], 0x0, 0xe7217639645ab1d2})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r0, 0xc01064c1, &(0x7f00000002c0)={r1, 0x1, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000300)={0x0, 0x1, r3})

[   88.296353][    T9] cfg80211: failed to load regulatory.db
[   88.305027][ T5334] Bluetooth: hci0: command tx timeout
[   88.523715][ T5358] ------------[ cut here ]------------
[   88.526242][ T5358] WARNING: CPU: 0 PID: 5358 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370
[   88.531118][ T5358] Modules linked in:
[   88.533787][ T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.538210][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.543377][ T5358] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   88.547033][ T5358] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 1d 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 4e 08 76 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   88.556952][ T5358] RSP: 0018:ffffc9000d3b7940 EFLAGS: 00010246
[   88.559806][ T5358] RAX: ffffc9000d3b7900 RBX: 0000000000000015 RCX: 0000000000000000
[   88.563222][ T5358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d3b79a8
[   88.567230][ T5358] RBP: ffffc9000d3b7a40 R08: ffffc9000d3b79a7 R09: 0000000000000000
[   88.571535][ T5358] R10: ffffc9000d3b7980 R11: fffff52001a76f35 R12: 0000000000000000
[   88.575052][ T5358] R13: 1ffff92001a76f2c R14: 0000000000040cc0 R15: dffffc0000000000
[   88.578449][ T5358] FS:  00007f831e89c6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[   88.582431][ T5358] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.585516][ T5358] CR2: 00007f831e87afc8 CR3: 000000004007b000 CR4: 0000000000352ef0
[   88.590007][ T5358] Call Trace:
[   88.591604][ T5358]  <TASK>
[   88.592799][ T5358]  ? kasan_save_track+0x3e/0x80
[   88.594902][ T5358]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   88.597492][ T5358]  ? security_file_ioctl+0xcb/0x2d0
[   88.599855][ T5358]  ? policy_nodemask+0x27c/0x720
[   88.601916][ T5358]  alloc_pages_mpol+0x232/0x4a0
[   88.603897][ T5358]  ___kmalloc_large_node+0x5f/0x1b0
[   88.606149][ T5358]  __kmalloc_large_node_noprof+0x18/0x90
[   88.608867][ T5358]  __kmalloc_noprof+0x36f/0x4f0
[   88.611870][ T5358]  ? drm_syncobj_array_find+0x3a/0x450
[   88.614620][ T5358]  drm_syncobj_array_find+0x3a/0x450
[   88.617056][ T5358]  drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0
[   88.620091][ T5358]  ? drm_dev_exit+0x3a/0x60
[   88.622032][ T5358]  drm_ioctl_kernel+0x2cf/0x390
[   88.624295][ T5358]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   88.627482][ T5358]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   88.630138][ T5358]  drm_ioctl+0x67f/0xb10
[   88.632023][ T5358]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   88.634864][ T5358]  ? __pfx_drm_ioctl+0x10/0x10
[   88.636781][ T5358]  ? __fget_files+0x2a/0x420
[   88.638745][ T5358]  ? bpf_lsm_file_ioctl+0x9/0x20
[   88.641117][ T5358]  ? __pfx_drm_ioctl+0x10/0x10
[   88.643413][ T5358]  __se_sys_ioctl+0xf9/0x170
[   88.646164][ T5358]  do_syscall_64+0xfa/0x3b0
[   88.649535][ T5358]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.652077][ T5358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.654721][ T5358]  ? clear_bhb_loop+0x60/0xb0
[   88.656983][ T5358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.659652][ T5358] RIP: 0033:0x7f831d98ebe9
[   88.661794][ T5358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.670556][ T5358] RSP: 002b:00007f831e89c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.674788][ T5358] RAX: ffffffffffffffda RBX: 00007f831dbb5fa0 RCX: 00007f831d98ebe9
[   88.678234][ T5358] RDX: 0000200000000080 RSI: 00000000c01864cd RDI: 0000000000000003
[   88.681677][ T5358] RBP: 00007f831da11e19 R08: 0000000000000000 R09: 0000000000000000
[   88.685205][ T5358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.688796][ T5358] R13: 00007f831dbb6038 R14: 00007f831dbb5fa0 R15: 00007ffdf2e6b2d8
[   88.692680][ T5358]  </TASK>
[   88.694051][ T5358] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   88.697175][ T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.701280][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.706951][ T5358] Call Trace:
[   88.708531][ T5358]  <TASK>
[   88.709785][ T5358]  dump_stack_lvl+0x99/0x250
[   88.711810][ T5358]  ? __asan_memcpy+0x40/0x70
[   88.713753][ T5358]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.715994][ T5358]  ? __pfx__printk+0x10/0x10
[   88.717888][ T5358]  vpanic+0x281/0x750
[   88.719594][ T5358]  ? __pfx__printk+0x10/0x10
[   88.721559][ T5358]  ? __pfx_vpanic+0x10/0x10
[   88.723793][ T5358]  ? is_bpf_text_address+0x26/0x2b0
[   88.726622][ T5358]  panic+0xb9/0xc0
[   88.728683][ T5358]  ? __pfx_panic+0x10/0x10
[   88.730696][ T5358]  __warn+0x31b/0x4b0
[   88.732485][ T5358]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   88.735237][ T5358]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   88.738061][ T5358]  report_bug+0x2be/0x4f0
[   88.740164][ T5358]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   88.743128][ T5358]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   88.746635][ T5358]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   88.749860][ T5358]  handle_bug+0x84/0x160
[   88.751889][ T5358]  exc_invalid_op+0x1a/0x50
[   88.753978][ T5358]  asm_exc_invalid_op+0x1a/0x20
[   88.756090][ T5358] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   88.758777][ T5358] Code: 74 10 4c 89 e7 89 54 24 0c e8 c4 1d 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 4e 08 76 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   88.766819][ T5358] RSP: 0018:ffffc9000d3b7940 EFLAGS: 00010246
[   88.770185][ T5358] RAX: ffffc9000d3b7900 RBX: 0000000000000015 RCX: 0000000000000000
[   88.774553][ T5358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d3b79a8
[   88.777827][ T5358] RBP: ffffc9000d3b7a40 R08: ffffc9000d3b79a7 R09: 0000000000000000
[   88.781254][ T5358] R10: ffffc9000d3b7980 R11: fffff52001a76f35 R12: 0000000000000000
[   88.784592][ T5358] R13: 1ffff92001a76f2c R14: 0000000000040cc0 R15: dffffc0000000000
[   88.787969][ T5358]  ? kasan_save_track+0x3e/0x80
[   88.790112][ T5358]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   88.793002][ T5358]  ? security_file_ioctl+0xcb/0x2d0
[   88.795774][ T5358]  ? policy_nodemask+0x27c/0x720
[   88.798495][ T5358]  alloc_pages_mpol+0x232/0x4a0
[   88.800967][ T5358]  ___kmalloc_large_node+0x5f/0x1b0
[   88.803332][ T5358]  __kmalloc_large_node_noprof+0x18/0x90
[   88.805864][ T5358]  __kmalloc_noprof+0x36f/0x4f0
[   88.807888][ T5358]  ? drm_syncobj_array_find+0x3a/0x450
[   88.810278][ T5358]  drm_syncobj_array_find+0x3a/0x450
[   88.812557][ T5358]  drm_syncobj_timeline_signal_ioctl+0x14e/0x7d0
[   88.815764][ T5358]  ? drm_dev_exit+0x3a/0x60
[   88.819263][ T5358]  drm_ioctl_kernel+0x2cf/0x390
[   88.821683][ T5358]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   88.824732][ T5358]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   88.827158][ T5358]  drm_ioctl+0x67f/0xb10
[   88.829069][ T5358]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[   88.832089][ T5358]  ? __pfx_drm_ioctl+0x10/0x10
[   88.834259][ T5358]  ? __fget_files+0x2a/0x420
[   88.836308][ T5358]  ? bpf_lsm_file_ioctl+0x9/0x20
[   88.838352][ T5358]  ? __pfx_drm_ioctl+0x10/0x10
[   88.840541][ T5358]  __se_sys_ioctl+0xf9/0x170
[   88.843012][ T5358]  do_syscall_64+0xfa/0x3b0
[   88.845491][ T5358]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.848120][ T5358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.850822][ T5358]  ? clear_bhb_loop+0x60/0xb0
[   88.853015][ T5358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.855714][ T5358] RIP: 0033:0x7f831d98ebe9
[   88.857940][ T5358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.866554][ T5358] RSP: 002b:00007f831e89c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.870699][ T5358] RAX: ffffffffffffffda RBX: 00007f831dbb5fa0 RCX: 00007f831d98ebe9
[   88.874244][ T5358] RDX: 0000200000000080 RSI: 00000000c01864cd RDI: 0000000000000003
[   88.877500][ T5358] RBP: 00007f831da11e19 R08: 0000000000000000 R09: 0000000000000000
[   88.880860][ T5358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.884881][ T5358] R13: 00007f831dbb6038 R14: 00007f831dbb5fa0 R15: 00007ffdf2e6b2d8
[   88.889067][ T5358]  </TASK>
[   88.890757][ T5358] Kernel Offset: disabled
[   88.892610][ T5358] Rebooting in 86400 seconds..