program:
r0 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000000)={<r1=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r0, 0xc03064ca, &(0x7f00000000c0)={&(0x7f0000000100)=[r1], 0xfffffffffffffffe, 0xfffffffffffeffff, 0x4000027b, 0xb})
write$binfmt_aout(r0, &(0x7f0000000380)={{0x10b, 0x2, 0x40, 0x102, 0x143, 0x3ff, 0x373, 0x4}, "8a791aef50d4f9b9813bc902bf164d7c92817070b1603c76ed622f954e049dcac1687d832b18f4e1b9f514b53dd4fd096ced0dfc1a543b9f6358e1fecd565759793f27dd560bf895481234a89ba88136933a2d6c7f235bfb09525a4cbfdab0e70c79d40ced1827fc253e5dbe138b3da8893ba61aa91070aa35c25fd7fffcd147e811027cd5ea9757d8d06e774da00d6351936e40d85d73a0fbf8ddf886e0c50f43aed5512d356638b12426ee3a339baa2af58ac6d3e15b66e944b10d63a18eb45465827d8722e628823e5909ee56c8dbb996170d499ba221c8dcde3ca8fa368d2ebf88936263d6324563732da038d149cc9c942b822c5cfce7", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa19)
r2 = socket$kcm(0x2, 0x1000000000000005, 0x0)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x0, @rand_addr=0xa9fe0000}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)='r', 0x1}], 0x1}, 0xe0)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000040)={0x9a0000, 0x9, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0xa20933, 0x0, '\x00', @value=0x7}})
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$VIDIOC_S_STD(r3, 0x40085618, &(0x7f00000000c0)=0x3000000)

[   84.649370][ T5296] Bluetooth: hci0: command tx timeout
[   84.733019][ T5321] ------------[ cut here ]------------
[   84.735396][ T5321] 1
[   84.735405][ T5321] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5321
[   84.741202][ T5321] Modules linked in:
[   84.743091][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.747119][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.751582][ T5321] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   84.754540][ T5321] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b 47 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 f7 90 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   84.763063][ T5321] RSP: 0018:ffffc9000df5f8a0 EFLAGS: 00010246
[   84.765683][ T5321] RAX: ffffc9000df5f800 RBX: 0000000000000015 RCX: 0000000000000000
[   84.769321][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000df5f908
[   84.772721][ T5321] RBP: ffffc9000df5f988 R08: ffffc9000df5f907 R09: 0000000000000000
[   84.776153][ T5321] R10: ffffc9000df5f8e0 R11: fffff52001bebf21 R12: 0000000000000000
[   84.779618][ T5321] R13: 1ffff92001bebf18 R14: 0000000000040cc0 R15: dffffc0000000000
[   84.783632][ T5321] FS:  00007f88e74a06c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000
[   84.787992][ T5321] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.790869][ T5321] CR2: 00007f88e680f018 CR3: 0000000012e7a000 CR4: 0000000000352ef0
[   84.794231][ T5321] Call Trace:
[   84.795721][ T5321]  <TASK>
[   84.797147][ T5321]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   84.800080][ T5321]  ? __pfx_policy_nodemask+0x10/0x10
[   84.802498][ T5321]  ? kasan_save_track+0x4f/0x80
[   84.804688][ T5321]  ? kasan_save_track+0x3e/0x80
[   84.807265][ T5321]  ? kasan_save_free_info+0x46/0x50
[   84.809723][ T5321]  ? kfree+0x1c1/0x630
[   84.811614][ T5321]  ? tomoyo_path_number_perm+0x501/0x630
[   84.815147][ T5321]  ? security_file_ioctl+0xc3/0x2a0
[   84.817459][ T5321]  alloc_pages_mpol+0x232/0x4a0
[   84.819430][ T5321]  ___kmalloc_large_node+0x4e/0x150
[   84.821467][ T5321]  __kmalloc_large_node_noprof+0x18/0x90
[   84.823854][ T5321]  __kmalloc_noprof+0x3e8/0x760
[   84.826372][ T5321]  ? drm_syncobj_array_find+0x3a/0x440
[   84.829516][ T5321]  drm_syncobj_array_find+0x3a/0x440
[   84.832282][ T5321]  ? __lock_acquire+0x6b5/0x2cf0
[   84.834985][ T5321]  drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0
[   84.838168][ T5321]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.841475][ T5321]  drm_ioctl_kernel+0x2df/0x3b0
[   84.843605][ T5321]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.846483][ T5321]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   84.848609][ T5321]  drm_ioctl+0x6ba/0xb80
[   84.850311][ T5321]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.853558][ T5321]  ? __pfx_drm_ioctl+0x10/0x10
[   84.855623][ T5321]  ? __fget_files+0x2a/0x420
[   84.857670][ T5321]  ? bpf_lsm_file_ioctl+0x9/0x20
[   84.859859][ T5321]  ? __pfx_drm_ioctl+0x10/0x10
[   84.861697][ T5321]  __se_sys_ioctl+0xfc/0x170
[   84.863892][ T5321]  do_syscall_64+0x14d/0xf80
[   84.866101][ T5321]  ? trace_irq_disable+0x3b/0x150
[   84.868305][ T5321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.870744][ T5321]  ? clear_bhb_loop+0x40/0x90
[   84.872632][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.875043][ T5321] RIP: 0033:0x7f88e659c629
[   84.876941][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   84.885317][ T5321] RSP: 002b:00007f88e74a0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.889299][ T5321] RAX: ffffffffffffffda RBX: 00007f88e6815fa0 RCX: 00007f88e659c629
[   84.892780][ T5321] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 0000000000000003
[   84.896402][ T5321] RBP: 00007f88e6632b39 R08: 0000000000000000 R09: 0000000000000000
[   84.899897][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.903250][ T5321] R13: 00007f88e6816038 R14: 00007f88e6815fa0 R15: 00007ffd5e307ca8
[   84.906558][ T5321]  </TASK>
[   84.907928][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   84.910859][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.914427][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.918419][ T5321] Call Trace:
[   84.919896][ T5321]  <TASK>
[   84.921234][ T5321]  vpanic+0x56c/0xa60
[   84.923567][ T5321]  ? __pfx__printk+0x10/0x10
[   84.925964][ T5321]  ? __pfx_vpanic+0x10/0x10
[   84.927952][ T5321]  ? is_bpf_text_address+0x292/0x2b0
[   84.930167][ T5321]  ? is_bpf_text_address+0x26/0x2b0
[   84.932465][ T5321]  panic+0xc5/0xd0
[   84.934458][ T5321]  ? __pfx_panic+0x10/0x10
[   84.936731][ T5321]  __warn+0x315/0x4f0
[   84.938543][ T5321]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.941135][ T5321]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.943708][ T5321]  __report_bug+0x29a/0x540
[   84.945763][ T5321]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.948406][ T5321]  ? __pfx___report_bug+0x10/0x10
[   84.950667][ T5321]  ? is_bpf_text_address+0x26/0x2b0
[   84.952892][ T5321]  ? is_bpf_text_address+0x292/0x2b0
[   84.955253][ T5321]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.958073][ T5321]  report_bug+0x16a/0x220
[   84.959940][ T5321]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.962537][ T5321]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[   84.965099][ T5321]  handle_bug+0x98/0x200
[   84.966982][ T5321]  exc_invalid_op+0x1a/0x50
[   84.968993][ T5321]  asm_exc_invalid_op+0x1a/0x20
[   84.971125][ T5321] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   84.974090][ T5321] Code: 74 10 4c 89 e7 89 54 24 0c e8 0b 47 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 f7 90 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   84.982571][ T5321] RSP: 0018:ffffc9000df5f8a0 EFLAGS: 00010246
[   84.985304][ T5321] RAX: ffffc9000df5f800 RBX: 0000000000000015 RCX: 0000000000000000
[   84.988588][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000df5f908
[   84.991856][ T5321] RBP: ffffc9000df5f988 R08: ffffc9000df5f907 R09: 0000000000000000
[   84.995213][ T5321] R10: ffffc9000df5f8e0 R11: fffff52001bebf21 R12: 0000000000000000
[   84.998665][ T5321] R13: 1ffff92001bebf18 R14: 0000000000040cc0 R15: dffffc0000000000
[   85.002146][ T5321]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   85.004923][ T5321]  ? __pfx_policy_nodemask+0x10/0x10
[   85.007265][ T5321]  ? kasan_save_track+0x4f/0x80
[   85.009231][ T5321]  ? kasan_save_track+0x3e/0x80
[   85.011304][ T5321]  ? kasan_save_free_info+0x46/0x50
[   85.013457][ T5321]  ? kfree+0x1c1/0x630
[   85.015147][ T5321]  ? tomoyo_path_number_perm+0x501/0x630
[   85.017439][ T5321]  ? security_file_ioctl+0xc3/0x2a0
[   85.019524][ T5321]  alloc_pages_mpol+0x232/0x4a0
[   85.021438][ T5321]  ___kmalloc_large_node+0x4e/0x150
[   85.023610][ T5321]  __kmalloc_large_node_noprof+0x18/0x90
[   85.025904][ T5321]  __kmalloc_noprof+0x3e8/0x760
[   85.028071][ T5321]  ? drm_syncobj_array_find+0x3a/0x440
[   85.030231][ T5321]  drm_syncobj_array_find+0x3a/0x440
[   85.032324][ T5321]  ? __lock_acquire+0x6b5/0x2cf0
[   85.034282][ T5321]  drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0
[   85.036482][ T5321]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.039164][ T5321]  drm_ioctl_kernel+0x2df/0x3b0
[   85.041109][ T5321]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.043622][ T5321]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.045570][ T5321]  drm_ioctl+0x6ba/0xb80
[   85.047321][ T5321]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.050184][ T5321]  ? __pfx_drm_ioctl+0x10/0x10
[   85.052410][ T5321]  ? __fget_files+0x2a/0x420
[   85.054554][ T5321]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.057191][ T5321]  ? __pfx_drm_ioctl+0x10/0x10
[   85.059805][ T5321]  __se_sys_ioctl+0xfc/0x170
[   85.062244][ T5321]  do_syscall_64+0x14d/0xf80
[   85.064740][ T5321]  ? trace_irq_disable+0x3b/0x150
[   85.067381][ T5321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.070391][ T5321]  ? clear_bhb_loop+0x40/0x90
[   85.072451][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.074731][ T5321] RIP: 0033:0x7f88e659c629
[   85.076653][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.085050][ T5321] RSP: 002b:00007f88e74a0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.088773][ T5321] RAX: ffffffffffffffda RBX: 00007f88e6815fa0 RCX: 00007f88e659c629
[   85.092243][ T5321] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 0000000000000003
[   85.095639][ T5321] RBP: 00007f88e6632b39 R08: 0000000000000000 R09: 0000000000000000
[   85.098958][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.102219][ T5321] R13: 00007f88e6816038 R14: 00007f88e6815fa0 R15: 00007ffd5e307ca8
[   85.105499][ T5321]  </TASK>
[   85.107340][ T5321] Kernel Offset: disabled
[   85.109192][ T5321] Rebooting in 86400 seconds..