program:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x48}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005900)={0x14, 0x15, 0xa, 0x201}, 0x14}}, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r5, 0xc03064ca, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffeffff, 0x0, 0xb})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18}}}]}, 0x48}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000001b00)={'syz_tun\x00', &(0x7f0000001ac0)=@ethtool_cmd={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}})
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
socket(0x10, 0x3, 0x0) (async)
socket$packet(0x11, 0x2, 0x300) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x48}}, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005900)={0x14, 0x15, 0xa, 0x201}, 0x14}}, 0x0) (async)
syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03) (async)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r5, 0xc03064ca, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffeffff, 0x0, 0xb}) (async)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18}}}]}, 0x48}}, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600)) (async)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000001b00)={'syz_tun\x00', &(0x7f0000001ac0)=@ethtool_cmd={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}}) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) (async)

[   84.904032][ T5297] Bluetooth: hci0: command tx timeout
[   85.044628][ T5320] ------------[ cut here ]------------
[   85.047284][ T5320] 1
[   85.047295][ T5320] WARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5320
[   85.054105][ T5320] Modules linked in:
[   85.055959][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.059930][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.065117][ T5320] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   85.068109][ T5320] Code: 74 10 4c 89 e7 89 54 24 0c e8 6b 17 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 1e 11 d9 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   85.077053][ T5320] RSP: 0018:ffffc9000ed3f8a0 EFLAGS: 00010246
[   85.079772][ T5320] RAX: ffffc9000ed3f800 RBX: 000000000000000f RCX: 0000000000000000
[   85.083571][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000ed3f908
[   85.086969][ T5320] RBP: ffffc9000ed3f988 R08: ffffc9000ed3f907 R09: 0000000000000000
[   85.090443][ T5320] R10: ffffc9000ed3f8e0 R11: fffff52001da7f21 R12: 0000000000000000
[   85.094078][ T5320] R13: 1ffff92001da7f18 R14: 0000000000040cc0 R15: dffffc0000000000
[   85.097596][ T5320] FS:  00007f528137d6c0(0000) GS:ffff88808cabd000(0000) knlGS:0000000000000000
[   85.101284][ T5320] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.104145][ T5320] CR2: 00002000000000e4 CR3: 0000000011828000 CR4: 0000000000352ef0
[   85.107599][ T5320] Call Trace:
[   85.109153][ T5320]  <TASK>
[   85.110501][ T5320]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   85.113419][ T5320]  ? __pfx_policy_nodemask+0x10/0x10
[   85.115669][ T5320]  ? kasan_save_track+0x4f/0x80
[   85.118099][ T5320]  ? kasan_save_free_info+0x46/0x50
[   85.120323][ T5320]  ? __kasan_slab_free+0x5c/0x80
[   85.122374][ T5320]  ? kfree+0x1be/0x650
[   85.124463][ T5320]  alloc_pages_mpol+0x232/0x4a0
[   85.126557][ T5320]  ___kmalloc_large_node+0x4e/0x150
[   85.128699][ T5320]  __kmalloc_large_node_noprof+0x18/0x90
[   85.131301][ T5320]  __kmalloc_noprof+0x4b8/0x7e0
[   85.133551][ T5320]  ? drm_syncobj_array_find+0x3a/0x450
[   85.136060][ T5320]  drm_syncobj_array_find+0x3a/0x450
[   85.138360][ T5320]  drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0
[   85.141135][ T5320]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.144257][ T5320]  drm_ioctl_kernel+0x2df/0x3b0
[   85.146486][ T5320]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.149419][ T5320]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.151885][ T5320]  drm_ioctl+0x6ba/0xb80
[   85.153954][ T5320]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.156912][ T5320]  ? __pfx_drm_ioctl+0x10/0x10
[   85.159071][ T5320]  ? __fget_files+0x2a/0x420
[   85.161186][ T5320]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.163622][ T5320]  ? __pfx_drm_ioctl+0x10/0x10
[   85.165757][ T5320]  __se_sys_ioctl+0xfc/0x170
[   85.167837][ T5320]  do_syscall_64+0x14d/0xf80
[   85.169952][ T5320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.172826][ T5320]  ? trace_irq_disable+0x37/0x100
[   85.175294][ T5320]  ? clear_bhb_loop+0x40/0x90
[   85.177394][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.180065][ T5320] RIP: 0033:0x7f528059bf79
[   85.182098][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.189975][ T5320] RSP: 002b:00007f528137d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.193845][ T5320] RAX: ffffffffffffffda RBX: 00007f5280815fa0 RCX: 00007f528059bf79
[   85.197363][ T5320] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 0000000000000007
[   85.200904][ T5320] RBP: 00007f52806327e0 R08: 0000000000000000 R09: 0000000000000000
[   85.204430][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.207972][ T5320] R13: 00007f5280816038 R14: 00007f5280815fa0 R15: 00007ffc68c3cb58
[   85.211571][ T5320]  </TASK>
[   85.213121][ T5320] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.216486][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.220509][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.225004][ T5320] Call Trace:
[   85.226508][ T5320]  <TASK>
[   85.227799][ T5320]  vpanic+0x1e0/0x670
[   85.229976][ T5320]  panic+0xc5/0xd0
[   85.231902][ T5320]  ? __pfx_panic+0x10/0x10
[   85.234026][ T5320]  __warn+0x315/0x4a0
[   85.235870][ T5320]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   85.238544][ T5320]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   85.241323][ T5320]  __report_bug+0x29a/0x540
[   85.243433][ T5320]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   85.246139][ T5320]  ? __pfx___report_bug+0x10/0x10
[   85.248392][ T5320]  ? is_bpf_text_address+0x26/0x2b0
[   85.250687][ T5320]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   85.253414][ T5320]  report_bug+0x16a/0x220
[   85.255327][ T5320]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   85.257934][ T5320]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[   85.260620][ T5320]  handle_bug+0x98/0x200
[   85.262541][ T5320]  exc_invalid_op+0x1a/0x50
[   85.264511][ T5320]  asm_exc_invalid_op+0x1a/0x20
[   85.266671][ T5320] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   85.269486][ T5320] Code: 74 10 4c 89 e7 89 54 24 0c e8 6b 17 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 1e 11 d9 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   85.278070][ T5320] RSP: 0018:ffffc9000ed3f8a0 EFLAGS: 00010246
[   85.280647][ T5320] RAX: ffffc9000ed3f800 RBX: 000000000000000f RCX: 0000000000000000
[   85.284138][ T5320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000ed3f908
[   85.287611][ T5320] RBP: ffffc9000ed3f988 R08: ffffc9000ed3f907 R09: 0000000000000000
[   85.291056][ T5320] R10: ffffc9000ed3f8e0 R11: fffff52001da7f21 R12: 0000000000000000
[   85.294553][ T5320] R13: 1ffff92001da7f18 R14: 0000000000040cc0 R15: dffffc0000000000
[   85.297951][ T5320]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   85.300718][ T5320]  ? __pfx_policy_nodemask+0x10/0x10
[   85.303134][ T5320]  ? kasan_save_track+0x4f/0x80
[   85.305289][ T5320]  ? kasan_save_free_info+0x46/0x50
[   85.307533][ T5320]  ? __kasan_slab_free+0x5c/0x80
[   85.309728][ T5320]  ? kfree+0x1be/0x650
[   85.311590][ T5320]  alloc_pages_mpol+0x232/0x4a0
[   85.313770][ T5320]  ___kmalloc_large_node+0x4e/0x150
[   85.316112][ T5320]  __kmalloc_large_node_noprof+0x18/0x90
[   85.318652][ T5320]  __kmalloc_noprof+0x4b8/0x7e0
[   85.320938][ T5320]  ? drm_syncobj_array_find+0x3a/0x450
[   85.323398][ T5320]  drm_syncobj_array_find+0x3a/0x450
[   85.325875][ T5320]  drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0
[   85.328476][ T5320]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.332368][ T5320]  drm_ioctl_kernel+0x2df/0x3b0
[   85.334657][ T5320]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.337692][ T5320]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.340131][ T5320]  drm_ioctl+0x6ba/0xb80
[   85.342115][ T5320]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   85.345069][ T5320]  ? __pfx_drm_ioctl+0x10/0x10
[   85.347178][ T5320]  ? __fget_files+0x2a/0x420
[   85.349406][ T5320]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.352050][ T5320]  ? __pfx_drm_ioctl+0x10/0x10
[   85.354609][ T5320]  __se_sys_ioctl+0xfc/0x170
[   85.356797][ T5320]  do_syscall_64+0x14d/0xf80
[   85.358825][ T5320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.361579][ T5320]  ? trace_irq_disable+0x37/0x100
[   85.363895][ T5320]  ? clear_bhb_loop+0x40/0x90
[   85.366030][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.368611][ T5320] RIP: 0033:0x7f528059bf79
[   85.370684][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.379135][ T5320] RSP: 002b:00007f528137d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.382810][ T5320] RAX: ffffffffffffffda RBX: 00007f5280815fa0 RCX: 00007f528059bf79
[   85.386262][ T5320] RDX: 00002000000000c0 RSI: 00000000c03064ca RDI: 0000000000000007
[   85.389722][ T5320] RBP: 00007f52806327e0 R08: 0000000000000000 R09: 0000000000000000
[   85.393330][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.396799][ T5320] R13: 00007f5280816038 R14: 00007f5280815fa0 R15: 00007ffc68c3cb58
[   85.400214][ T5320]  </TASK>
[   85.401987][ T5320] Kernel Offset: disabled
[   85.403974][ T5320] Rebooting in 86400 seconds..